> ## Documentation Index
> Fetch the complete documentation index at: https://docs.whop.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Check User Access

> Checks whether a user has access to an account, product, or experience the caller can reach.



## OpenAPI

````yaml /openapi/api-v1-native.yml get /users/{id}/access/{resource_id}
openapi: 3.1.0
info:
  title: Whop API
  description: >-
    Hand-written V1 endpoints. Merged into the GraphqlRestProxy-generated schema
    at build time.
  version: v1
servers:
  - url: https://{defaultHost}
    variables:
      defaultHost:
        default: api.whop.com/api/v1
security: []
paths:
  /users/{id}/access/{resource_id}:
    parameters:
      - $ref: '#/components/parameters/ApiVersionDate'
      - name: id
        in: path
        required: true
        schema:
          type: string
        description: The user_ tag or username to check access for.
      - name: resource_id
        in: path
        required: true
        schema:
          type: string
        description: An account (biz_), product (prod_), or experience (exp_) ID.
    get:
      tags:
        - Users
      summary: Check User Access
      description: >-
        Checks whether a user has access to an account, product, or experience
        the caller can reach.
      operationId: checkUserAccess
      responses:
        '200':
          description: access checked
          content:
            application/json:
              schema:
                type: object
                properties:
                  has_access:
                    type: boolean
                  access_level:
                    type: string
                    enum:
                      - no_access
                      - admin
                      - customer
                required:
                  - has_access
                  - access_level
      security:
        - bearerAuth: []
components:
  parameters:
    ApiVersionDate:
      name: Api-Version-Date
      in: header
      required: false
      schema:
        type: string
        format: date
        example: '2026-07-01'
      description: >-
        Pins the request to a dated API version. When omitted, the request uses
        the original (2025-01-01) request/response shapes, so existing
        unversioned callers are never broken. Generated SDKs always send the
        latest version they were built against. An unrecognized value is
        rejected with a 400. The schemas documented here always describe the
        latest version.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: auth-scheme
      description: >-
        An account API key, account scoped JWT, app API key, or user OAuth
        token.

````