AliExpress API error: The request signature does not conform to platform standards

I'm integrating the AliExpress Dropshipping API into my NestJS application and encountering a persistent error during the OAuth 2.0 token exchange. After successfully obtaining an authorization code, I receive this error when attempting to exchange it for an access token.

The Error

When I make the token exchange request, I receive:

    {
      "error_response": {
        "code": 15,
        "msg": "Remote service error",
        "sub_code": "isv.account-migration-check-fail",
        "sub_msg": "The account migration does not conform to platform standards"
      }
    }

What I've Implemented

I've successfully registered my app on the AliExpress Open Platform as a Dropshipping application. My app is approved and set to "Online" status with active API permissions for "AliExpress dropship" and "System Tool" categories.

For the OAuth flow, I'm following the standard authorization code grant process. I redirect users to the AliExpress authorization endpoint, successfully receive the authorization code via my callback URL, and then attempt to exchange this code for an access token.

The token exchange request is sent to https://api-sg.aliexpress.com/rest/auth/token/create using the GET method (as specified in the AliExpress documentation). I include all required parameters: the authorization code, app key, app secret, timestamp in milliseconds, sign method (sha256), format (json), and the HMAC-SHA256 signature.

For the signature generation, I'm following the AliExpress specification exactly. I sort all parameters alphabetically by key, concatenate them in the format appSecret + key1value1 + key2value2 + ... + appSecret, and then compute the HMAC-SHA256 hash in uppercase hexadecimal format. Here's my implementation:

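    // At the top of the service file:
    import * as crypto from 'crypto';

    // Method of the service class.
    generateSignature(params: Record<string, any>, appSecret: string): string {
      // Sort parameter names alphabetically.
      const sortedKeys = Object.keys(params).sort();

      // Build appSecret + key1value1 + key2value2 + ... + appSecret,
      // skipping parameters that are undefined or null.
      let signString = appSecret;
      sortedKeys.forEach(key => {
        if (params[key] !== undefined && params[key] !== null) {
          signString += key + params[key];
        }
      });
      signString += appSecret;

      // HMAC-SHA256 keyed with the app secret, as uppercase hex.
      return crypto
        .createHmac('sha256', appSecret)
        .update(signString, 'utf8')
        .digest('hex')
        .toUpperCase();
    }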

What I've Verified

I've thoroughly checked several aspects of my implementation:

App Configuration: My app is approved and active in the AliExpress Open Platform. The callback URL is correctly configured and matches exactly what I'm using in the authorization request. I've confirmed that my app has permissions for all Dropshipping API endpoints.

Signature Generation: I've verified that my signature algorithm matches the documentation exactly. Parameters are sorted alphabetically before signing, and the signature is returned in uppercase hexadecimal format as required.

Timestamp: I'm using the current server time in milliseconds and have verified that the timestamp is not in the future or outside the acceptable range.

Authorization Code: I'm using fresh codes immediately after receiving them, and each code is only used once. The code format matches the expected pattern.

Authorization Policy: My app is configured with "Allow login user to authorize" policy, with access token duration of 30 days and refresh token duration of 60 days.

Questions

What does "account migration does not conform to platform standards" actually mean in this context? Is this related to my developer account setup, or do I need to complete additional verification steps on the AliExpress platform?

Is there a specific account type or registration required for the Dropshipping API? Should I register separately as a dropshipper on AliExpress (beyond the developer account), or are there specific business verification requirements I'm missing?

Could this error be related to the authorization policy or grant type I'm using? My app is configured to use the "Authorization Code" grant type with "Allow login user to authorize" - is there a different authorization method recommended for the Dropshipping API?

Are there any regional restrictions I should be aware of? I'm using the Singapore endpoint (api-sg.aliexpress.com) - could my account region be incompatible with this endpoint?

Additional Context

During testing, I've also encountered "Reach Limit" errors intermittently, which suggests I may have hit API rate limits. However, the "account migration" error appears consistently regardless of rate limiting. The fact that I can successfully generate authorization codes indicates that the OAuth flow works correctly up to the token exchange step.

I'm using NestJS (Node.js) and targeting the AliExpress Dropshipping API (Global). My app key is 525634.

Any insights or experiences with this specific error would be greatly appreciated!
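The signing scheme described in the question, as an added example in plain Node.js that is not part of the original post and is not AliExpress reference code. It follows the post's description of the algorithm rather than the platform documentation, and adds a log-safe view of the signed string for debugging signature mismatches. The function names and sample values are constructed, and it assumes the secret is used only for signing and is never placed in the parameter map.

```javascript
const crypto = require('node:crypto');

// Constructed sample values, not real credentials or codes.
const SAMPLE_SECRET = 'example-app-secret';
const SAMPLE_PARAMS = {
  timestamp: '1700000000000',
  sign_method: 'sha256',
  format: 'json',
  code: 'EXAMPLE_AUTH_CODE',
  app_key: '000000',
  sign: 'STALE_SIGNATURE', // a signature must never feed into itself
  uuid: undefined,         // unset optional parameter, skipped
};

// Canonical string as the question describes it: keys sorted, key+value
// pairs concatenated, the secret prepended and appended.
function canonicalString(params, secret) {
  if (!secret) throw new Error('app secret is required');
  const body = Object.keys(params)
    .filter((k) => k !== 'sign' && params[k] !== undefined && params[k] !== null)
    .sort()
    .map((k) => k + String(params[k]))
    .join('');
  return secret + body + secret;
}

// HMAC-SHA256 keyed with the secret, uppercase hex (per the question).
function signRequest(params, secret) {
  return crypto
    .createHmac('sha256', secret)
    .update(canonicalString(params, secret), 'utf8')
    .digest('hex')
    .toUpperCase();
}

// Log-safe view of the signed string: lets you diff parameter order and
// values against the documentation without writing the secret to logs.
function redactedCanonical(params, secret) {
  return canonicalString(params, secret).split(secret).join('<secret>');
}

// Constant-time comparison for checking a signature you received.
function signaturesMatch(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

console.log(redactedCanonical(SAMPLE_PARAMS, SAMPLE_SECRET));
```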
