x-whop-user-token header on every request. Every Whop app verifies that token via whopsdk.verifyUserToken, so you need the same header on localhost to test against real users. The dev proxy injects it for you.
Pick your setup
Two installation modes. Both ship the same proxy binary; the difference is whether the proxy spawns your dev server or runs alongside it.NextJS / Javascript app
1
Add the proxy as a dev dependency
2
Update your package.json dev script
Update your
package.json dev script to include the proxy.You can update the dev command to match your framework requirements.
You can also wrap other commands with the proxy in a similar way.
3
Run the proxy
Standalone mode (other frameworks)
1
Run your app locally
Run your app on your local machine on some port, for example 5000.
2
Run the proxy in standalone mode
This will run the proxy as an independent process. It will start a server on
port 3000 and forward requests to port 5000 and append the user token in the
headers.
Proxy Command Options
The proxy can be configured using the following command line options:Next steps
Authentication
Verify the iframe user token in the same code locally and in production.
Listen to webhooks
Forward Whop webhooks to localhost while developing (use ngrok or Cloudflare Tunnel).
Build app views
Set up the iframe entry points your app will render inside.
Request permissions
Configure the scopes your app needs before publishing.

