The /oauth2 API Calls

Create users using the /oauth2 API calls.

Version: v2 2016-08-10

Endpoints

Production
Authorization https://www.wepay.com/v2/oauth2/authorize
Token https://wepayapi.com/v2/oauth2/token
Stage
Authorization https://stage.wepay.com/v2/oauth2/authorize
Token https://stage.wepayapi.com/v2/oauth2/token

/oauth2/authorize

This call is a URI which your application sends to the user so that they can grant your application permission to make API calls on their behalf. After the user sets up their WePay account, your application is returned the code and state fields.

Arguments

Parameter Required Type Description
client_id Yes Integer The client id issued to the app, found on your application's dashboard.
redirect_uri Yes String The URI the user will be redirected to after authorization. Must have the same domain as the application.
scope Yes String A comma separated string list of permissions. Click here for a list of permissions.
state No String The opaque value the client application uses to maintain state.
user_name No String The user name used to pre-fill the authorization form.
user_email No String The user email used to pre-fill the authorization form.
user_country No String The user's country of origin 2-letter ISO code. Possible values: US, CA, and GB.

Default: US.

Example

   https://stage.wepay.com/v2/oauth2/authorize
   ?client_id=12345
   &redirect_uri=http://example.com/wepay
   &scope=manage_accounts,collect_payments,view_user,preapprove_payments,send_money

Response

Response Type Description
code String The authorization code used to get the access token. This code expires in 10 minutes.
state String The opaque value the client application uses to maintain state (same as above, if provided).

/oauth2/token

Once you have sent the user through the authorization endpoint and they have returned with a code, you can use that code to retrieve an access token for that user. The redirect URI will need to be the same as in the in /v2/oauth2/authorize step.

Note that when you request a new access token with this call, WePay automatically revokes all previously issued access tokens for this user. Make sure you update the access token you are using for a user each time you make this call.

Arguments

Parameter Required Type Description
client_id Yes Integer (64 bits) The client ID issued to the app, found on your application's dashboard.
redirect_uri Yes String (2083 chars) The URI the user was redirected to after authorization. Must be the same as passed in /oauth2/authorize.
client_secret Yes String (255 chars) The client secret issued to the app by WePay, found on your application's dashboard
code Yes String (255 chars) The code returned by /oauth2/authorize. This code expires in 10 minutes.
callback_uri No String (2083 chars) A callback_uri you want to receive IPNs for this user on. If you specify a callback URI you will receive IPNs with the user_id when the user revokes an access_token or is deleted.

Example

{
   "client_id": 12345,
   "client_secret": "1a2b3c4d5e6f",
   "redirect_uri": "http://example.com/user/oauth2/12345",
   "code": "a35k2j9aeigj43tu09a4ugaoijg0943ug0349ugakj"
}

Response

Response Type Description
user_id Integer (64 bits) The unique user ID of the user.
access_token String (255 chars) The access_token that you can use to make calls on behalf of the user.
token_type String (255 chars) The token type. Currently only BEARER is supported.
expires_in Integer (64 bits) How much time in seconds till the access_token expires. If null or not present, the access token will be valid until the user revokes it.

Example

{
   "user_id": 12345,
   "access_token": "5220ba86b6c4cbaf6a78ccf60dfe83514eeb8b1ee88f1a58f9de7d818f68",
   "token_type": "BEARER"
}