The endpoints in the me section are designed to return data about the current authenticated user. You will authenticate using the user’s access token.

These endpoints allows you to retrieve data that scoped to the current user and your app. You can use these endpoints to pull the user’s memberships, products, payments, and more.

It is recommended that you use these endpoints in your app to personalize the user’s exerience. You can also use these endpoints to confirm a user has access to your app. However, if you just want to check access, we recommend you use our prebuilt access checking API.

Common Use Cases

  • Fetching the user’s details, such as their email, username, or profile picture
  • Fetching the user’s memberships for your app
  • Fetching a user’s orders for their in-app purchases


There are two different access tokens that you can use to authorize these requests. This depends on if you’re building a Whop App or gating your web app with OAuth

If you’re building a Whop App

Pass the user’s access token that is stored as the whop_user_token cookie. If you’re using the JS SDK, this can easily be sent through the headers. Read more about the SDK authentication here.

If you’re gating your web app with OAuth

Pass the user’s access token that you receieve from the OAuth flow. You can read more about this in our OAuth documentation.

To obtain your OAuth credentials, head to the developer settings page to obtain your Client ID and Client Secret. These keys will be used with the OAuth endpoints to obtain an access token.

Once you close the modal, you cannot view your Client Secret again. Store it securely. If needed, you can generate a new one, but the previous one will be invalidated.