API keys are an essential tool for accessing and integrating with Whop's API. An API key is a unique identifier that allows a developer to access Whop's API on behalf of a company and validate licenses, retrieve user information, and more.
It's important that you keep your API keys safe and secure - if not properly scoped, your API keys can be dangerous if they fall into the wrong hands.
Creating an API key
- Head to your Developers setting panel under your business
- Click "New API Key"
- Set a memorable name for your key.
- Copy the API key
After that, you're ready to start creating with Whop's API!
Scoped API keys
Scoped API keys provide access to specific resources or endpoints within Whop's API, rather than providing access to the entire API. This helps to ensure that the client-side code is only able to perform the specific actions that it needs to, while also limiting the potential for security vulnerabilities.
Scoped API keys are the best way for your company to use client-sided keys.
Instructions to create a scoped API key
- Create a new API key under the Developers setting panel
- Click the triple dots and click "Edit permissions"
- Add the permissions you want this key to have access to. If you are storing keys client-side, we recommend keeping your permissions as minimal as possible.
For more authentication help, our API reference page on authentication can provide some more technical specifics.