Skip to main content
POST
/
access_tokens
JavaScript
import Whop from '@whop/sdk';

const client = new Whop({
  appID: 'app_xxxxxxxxxxxxxx',
  apiKey: 'My API Key',
});

const accessToken = await client.accessTokens.create({
  scoped_actions: ['string'],
  target_resource_id: 'target_resource_id',
  target_resource_type: 'company',
});

console.log(accessToken.token);
{
  "token": "<string>",
  "expires_at": "2023-12-01T05:00:00.401Z"
}

Authorizations

Authorization
string
header
required

The app API key from an app from the /dashboard/developer page

Body

application/json

Parameters for CreateAccessToken

scoped_actions
string[]
required

Array of desired scoped actions for the access token. This list must be a subset of the API keys's existing permissions. Otherwise, an error will be raised.

Represents textual data as UTF-8 character sequences. This type is most often used by GraphQL to represent free-form human-readable text.

target_resource_id
string
required

The ID of the target resource (Company, User, etc.) for which the access token is being created.

target_resource_type
enum<string>
required

The type of the target resource (company, user, product, experience, etc.).

Available options:
company,
product,
experience,
app,
user
expires_at
string<date-time> | null

The expiration timestamp for the access token. If not provided, a default expiration time of 1 hour will be used. The expiration can be set to a maximum of 3 hours from the current time.

Example:

"2023-12-01T05:00:00.401Z"

Response

A successful response

An object representing an access token used for authenticating API requests.

token
string
required

The JWT access token string.

expires_at
string<date-time>
required

The expiration timestamp of the access token.

Example:

"2023-12-01T05:00:00.401Z"