Skip to main content
POST
/
access_tokens
JavaScript
import Whop from '@whop/sdk';

const client = new Whop({
  apiKey: 'My API Key',
});

const accessToken = await client.accessTokens.create({ company_id: 'biz_xxxxxxxxxxxxxx' });

console.log(accessToken.token);
{
  "token": "<string>",
  "expires_at": "2023-12-01T05:00:00.401Z"
}

Authorizations

Authorization
string
header
required

The app API key from an app from the /dashboard/developer page

Body

application/json
  • CreateAccessTokenInputWithCompanyId
  • CreateAccessTokenInputWithUserId

Parameters for CreateAccessToken Autogenerated input type of CreateAccessToken

company_id
string
required

The ID of the Company to generate the token for. The API key must have permission to access this Company, such as the being the company the API key belongs to or a sub-merchant of it

Example:

"biz_xxxxxxxxxxxxxx"

expires_at
string<date-time> | null

The expiration timestamp for the access token. If not provided, a default expiration time of 1 hour will be used. The expiration can be set to a maximum of 3 hours from the current time.

Example:

"2023-12-01T05:00:00.401Z"

scoped_actions
string[] | null

Array of desired scoped actions for the access token. If sent as an empty array or not provided, all permissions from the API key making the request will be available on the token. If sending an explicit list, they must be a subset of the API keys's existing permissions. Otherwise, an error will be raised.

Represents textual data as UTF-8 character sequences. This type is most often used by GraphQL to represent free-form human-readable text.

Response

A successful response

An object representing an access token used for authenticating API requests.

token
string
required

The JWT access token string.

expires_at
string<date-time>
required

The expiration timestamp of the access token.

Example:

"2023-12-01T05:00:00.401Z"