🔑 Authentication

The Whop API uses API keys to authenticate requests. You can view and manage your API keys in the Whop Business Dashboard.



Key Security

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth, unless you plan on using scoped API keys (pictured below).


Company Authentication

Authentication to the API is performed via Bearer Token in the Authorization header, formatted as follows:

let headers = {
  Authorization: `Bearer ${YOUR_KEY}`
};

-H "Authorization: Bearer <YOUR_KEY>"

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Once authenticated, you will have access to your company's resources via the API.

User Authentication

There are also some requests you can make on behalf of a user. Upon completing OAuth, you will have a user's access token. You can pass this as the authorization header (just like above) and have access to all requests under the /me endpoints. It should look like this:

let headers = {
  Authorization: `Bearer ${USERS_ACCESS_TOKEN}`,
};

-H "Authorization: Bearer <USERS_ACCESS_TOKEN>"

Once authenticated, you will have access to any endpoints that begin with /me under the Users section.
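The rules from the Company Authentication and User Authentication sections can be enforced in one server-side helper before a credential is ever attached to a request. This is an added example, not Whop's own code: the origin `https://api.example.invalid`, the `/companies` path, the `WHOP_API_KEY` variable name and all function names are assumptions made for illustration.

```javascript
// Added example (not Whop's code). API_ORIGIN is a constructed placeholder.
const API_ORIGIN = "https://api.example.invalid";

// Read the company key from the server environment instead of source code,
// so it never lands in a repository or in client-side bundles.
// WHOP_API_KEY is a hypothetical variable name.
function companyKeyFromEnv(env = process.env) {
  const key = env.WHOP_API_KEY;
  if (!key) throw new Error("WHOP_API_KEY is not set");
  return key;
}

// kind: "company" (API key) or "user" (OAuth access token).
// target: a path or absolute URL; it is normalized before any check runs.
function buildRequest(kind, token, target) {
  if (typeof token !== "string" || token.trim() === "") {
    throw new Error("missing credential");
  }
  const url = new URL(target, API_ORIGIN);
  // Never put a credential on a plaintext connection.
  if (url.protocol !== "https:") {
    throw new Error("credentials are only sent over HTTPS");
  }
  // Extra defensive check (an assumption, not stated on the page):
  // the credential only goes to the expected API origin.
  if (url.origin !== API_ORIGIN) {
    throw new Error("credentials are only sent to the API origin");
  }
  if (kind === "user") {
    // User access tokens are only valid for endpoints that begin with /me.
    // new URL() has already resolved "..", so "/me/../x" is rejected here.
    if (url.pathname !== "/me" && !url.pathname.startsWith("/me/")) {
      throw new Error("user tokens may only call /me endpoints");
    }
  } else if (kind !== "company") {
    throw new Error("unknown credential kind");
  }
  return { url: url.href, headers: { Authorization: `Bearer ${token}` } };
}

// Copy of the headers that is safe to write to logs or error reports.
function redact(headers) {
  const copy = { ...headers };
  if (copy.Authorization) copy.Authorization = "Bearer [REDACTED]";
  return copy;
}
```

Pass the returned `url` and `headers` to your HTTP client, and log only `redact(headers)`.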