Skip to main content
POST
/
access_tokens
JavaScript
import Whop from '@whop/sdk';

const client = new Whop({
  apiKey: process.env['WHOP_API_KEY'], // This is the default and can be omitted
});

const accessToken = await client.accessTokens.create();

console.log(accessToken.token);
{
  "token": "<string>",
  "expires_at": "2023-12-01T05:00:00.401Z"
}

Authorizations

Authorization
string
header
required

A company API key, company scoped JWT, app API key, or user OAuth token. You must prepend your key/token with the word 'Bearer', which will look like Bearer ***************************

Body

application/json

Parameters for CreateAccessToken

company_id
string | null

The unique identifier of the company to generate the token for, starting with 'biz_'. The API key must have permission to access this company.

Example:

"biz_xxxxxxxxxxxxxx"

expires_at
string<date-time> | null

The expiration timestamp for the access token. Defaults to 1 hour from now, with a maximum of 3 hours.

Example:

"2023-12-01T05:00:00.401Z"

scoped_actions
string[] | null

An array of permission scopes to grant to the access token. If empty or omitted, all permissions from the authenticating credential are inherited. Must be a subset of the credential's permissions.

Represents textual data as UTF-8 character sequences. This type is most often used by GraphQL to represent free-form human-readable text.

user_id
string | null

The unique identifier of the user to generate the token for, starting with 'user_'. The API key must have permission to access this user.

Example:

"user_xxxxxxxxxxxxx"

Response

A successful response

A short-lived access token used to authenticate API requests on behalf of a user.

token
string
required

The signed JWT access token string to include in API request Authorization headers.

expires_at
string<date-time>
required

The timestamp after which this access token is no longer valid and must be refreshed.

Example:

"2023-12-01T05:00:00.401Z"