Skip to main content

Use cases

Our API provides a powerful way to interact with whop programmatically. Some common use cases include
  • I’m a company owner and I want to pull payments made only to my company. -> Use Company API keys
  • I’m a developer and I want to list memberships for any company that has installed my app. -> Use App API keys
  • I’m a developer using whop for platforms I want to retrieve payment details for payments made to a connected account of my platform. -> Use Company API keys of the main “platform” company.
  • I’m a developer and I want to let users sign in with Whop and access their data on their behalf. -> Use OAuth tokens
Access to different features of our api is controlled by a fine-grained permission system, allowing you to implement strong security practices in your applications. Always make sure your api key has the required permissions enabled for your desired usage. Each endpoint will document the required permission scopes.

API Keys

Use company API keys when you only want to fetch data, or perform actions for your own company, and or connected account companies.
  1. Go to your developer dashboard.
  2. Click the “Create” button in the “Company API Keys” section
  3. Give your api key a name. For example “Data pipeline” or “GHL Integration”
  4. Select a role or a custom set of permissions. (You can always update this later and add more if you need)
  5. Create the api key, and copy it from the modal.
Use app API keys when you are building an app and need to access data on companies that have installed your app.
  1. Go to your developer dashboard.
  2. Click the Create app button and give your app a name. You can change this name later.
  3. Your API key is the hidden text after WHOP_API_KEY in the Environment variables section. Use the reveal button to show the key, copy it and keep it in a safe place. You will need it to make API calls.
Use OAuth tokens when you want users to sign in with their Whop account and grant your app permission to act on their behalf. Unlike API keys which use your app’s permissions, OAuth tokens are scoped to what each individual user can access.Common use cases:
  • “Sign in with Whop” authentication
  • Accessing a user’s memberships, purchases, or profile
  • Performing actions as a specific user (not as your app)
OAuth tokens are obtained through the OAuth 2.1 + PKCE flow:
  1. Redirect users to Whop’s authorization page
  2. User logs in and approves your requested scopes
  3. Exchange the authorization code for access and refresh tokens
  4. Use the access token as your API key in SDK calls or the Authorization header
See the OAuth guide for full implementation details.

Making API calls

Our public api is available at https://api.whop.com/api/v1 You can test the api by using curl to fetch your public user profile data: 
# replace "j" with your own whop username
curl https://api.whop.com/api/v1/users/j
To make authenticated requests you need to include your API key in the Authorization header using the Bearer scheme: 
# replace "YOUR_API_KEY" with your real API key
curl https://api.whop.com/api/v1/payments?company_id=biz_xxxxxxxxxxx \
    -H "Authorization: Bearer YOUR_API_KEY"

Whop SDKs

We recommending using our SDKs to make API calls in your apps. We currently support

Example usage

Make sure your api key has the required permissions to make api calls. If building an app, see Permissions for more information.
import Whop from "@whop/sdk";

const client = new Whop({
  apiKey: process.env["WHOP_API_KEY"], // This is the default and can be omitted
  appID: "app_xxxxxxxxxxxxxx", // only required when building an app
});

const page = await client.payments.list({ company_id: "biz_xxxxxxxxxxxxxx" });
const paymentListResponse = page.data[0];

console.log(paymentListResponse.id);

MCP

You can also access the API via our mcp server available at https://mcp.whop.com/mcp (cursor) or https://mcp.whop.com/sse (claude) Learn more here