> ## Documentation Index
> Fetch the complete documentation index at: https://docs.whop.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Permissions
> Configure the permissions your app needs and request approval from the creators who install it.
Apps use permissions to access company data and act on behalf of users. Every API call requires the matching permission. You declare the ones you need in your app's settings, creators approve them at install, and your SDK calls succeed only when those permissions are granted.
Find the required permissions for any endpoint in the API reference. Each operation page lists them under "Required permissions."
## Required vs optional permissions
You can mark each permission as required or optional. The choice changes the install experience for creators.
| Type | Creator can disable at install? | Use when |
| ------------ | ------------------------------- | -------------------------------------------------------------------------- |
| **Required** | No | The app cannot function without this scope |
| **Optional** | Yes | The scope powers a side feature, not the core flow (e.g. analytics opt-in) |
Optional permissions are good for opt-in functionality. If a creator declines an optional permission, your app should still work, just without that feature.
## Set up permissions
The permissions flow is required even for testing on your own company. Same flow on install or self-test, so you catch missing scopes early.
1. Go to the [Developer dashboard](https://whop.com/dashboard/developer).
2. Select or create an app.
3. Click the **Permissions** tab.
Click **Add permissions**, select what your app needs, and confirm.
Cross-reference the API endpoints you plan to call and add every permission they require.
For each one:
1. Write a short justification explaining why the app needs it. Creators see this at install.
2. Mark it **required** or **optional**.
Visit your direct install link: `https://whop.com/apps/app_xxxxxxxxx/install`.
Pick a company, review the permission prompt, and approve.
## Update permissions later
Permissions can change as the app evolves. When you add a new one:
* Existing installs see a **Re-approve** button next to your app.
* API calls that need the new permission fail until each creator re-approves.
When you add a permission, re-approve on your own test company too. New scopes don't carry over until you accept them in [Authorized apps](https://whop.com/dashboard/settings/authorized-apps).
Creators can manage granted permissions any time at `Dashboard → Settings → Authorized apps`.
## FAQ
Up to 100 per app.
Each endpoint in the [API reference](/api-reference/payments/list-payments) lists its required permissions inline.
Yes. You can request additional permissions and the creator will be asked to re-approve them.
Keep in mind that until the permissions are re-approved, API requests requiring the **newly requested** permissions will fail. Make sure to handle these errors gracefully in your code.
When developing your app, make sure you re-approve the permissions yourself in your [Authorized apps](https://whop.com/dashboard/settings/authorized-apps) settings.
See [Configure your permissions](/developer/guides/permissions#updating-your-permissions) for more information.
## Next steps
Verify the user behind a request and check their access level.
Receive payment, membership, and entry events. Webhooks need their own `webhook_receive:*` scopes.
Set up dashboard views, experiences, and discover listings.
Match the production iframe + cookie setup on localhost.