OAuth
Obtain a user's access token
This is how you obtain an access token for a user. In the OAuth flow, your backend will receive a one time use "code" parameter. You will then exchange the code you received for a long lived access token by calling this endpoint.
POST
/
v2
/
oauth
/
token
Body
curl --request POST \
--url https://api.whop.com/v2/oauth/token \
--header 'Content-Type: application/json' \
--data '{
"client_id": "<client_id>",
"client_secret": "<client_secret>",
"code": "<code>",
"grant_type": "<grant_type>",
"redirect_uri": "<redirect_uri>"
}'
{
"access_token": "string"
}
Body
application/json
client_idrequired
string
This is your client ID
client_secretrequired
string
This is your client secret
coderequired
string
This is the code that you received to your OAuth callback as the "code" parameter. Pass it up directly
grant_typerequired
enum<string>
This should always be "authorization_code".
Available options:
authorization_code
redirect_urirequired
string
This is your redirect URL. If you are just gating your webapp, this redirect URL will be registered on your developer portal in the Whop Dashboard. If you are building general purpose software, aka an experience, this should be your "{base_url}/{your_hub_path}".
Response
200 - application/json
access_token
string
The token you will use to authenticate your user
curl --request POST \
--url https://api.whop.com/v2/oauth/token \
--header 'Content-Type: application/json' \
--data '{
"client_id": "<client_id>",
"client_secret": "<client_secret>",
"code": "<code>",
"grant_type": "<grant_type>",
"redirect_uri": "<redirect_uri>"
}'
{
"access_token": "string"
}