The /user API calls

The user object represents a single user registered on WePay. A single user may be authorized on multiple applications. Users are segmented by email address, whereas access tokens map to a specific user-application pair.

The following calls let you create, view, and modify user objects on WePay:

User States

The user object has the following states and possible state transitions. You can receive callback notifications when the user changes state; read our instant payment notifications guide for more details.

pending: The user registered with /user/register and has not yet confirmed the registration using the link in the confirmation email. A user whose registration is in a pending state is subject to limitations on the total amount of funds they may accept and the period of time during which they may accept payments before their account is deleted.
registered: The user's registration on WePay is complete. When a user is first created, an email is sent to the email address supplied at the time of their registration with a confirmation link. The initial state (when the confirmation email is sent) is pending. When the WePay system receives the confirmation, the user's state is changed to registered. If the user is created using the /user/register call, a subsequent call to /user/send_confirmation must be made in order to send the confirmation email.
deleted: The user's registration was deleted. A user may delete their account themselves, or an account may be deleted by WePay customer support.

User States Diagram

Version: v2 2016-08-10

POST Endpoint

https://wepayapi.com/v2/account

/user

Use this call to look up details about the user associated with the access token used to make the call.

Arguments

There are no arguments necessary for this call. Only an access token passed in the authorization header is required. The access token must be that of the user whose information you are searching for.

Example access token

Bearer PRODUCTION_abcdefghijklmnopqrstuvwxyz1234567890

Response

Response Type Description
user_id Integer (64 bits) The unique ID of the user.
user_name String (255 chars) The full name of the user.
first_name String (127 chars) The first name of the user.
last_name String (127 chars) The last name of the user.
email String (255 chars) The email of the user.
state String (255 chars) Either registered if the user has registered, or pending if the user still needs to confirm their registration.
callback_uri String (2083 chars) The URI you want to receive IPNs on. See /user/modify.

Example of registered or pending state user

{
   "user_id": 12345,
   "first_name": "Bill",
   "last_name": "Clerico",
   "email": "api@wepay.com",
   "state": "registered",
   "callback_uri": "https://www.everribbon.com/ipn/12345"
}

Example of deleted user

{
   "error": "access_denied",
   "error_description": "the user associated with the access_token has been deleted",
   "error_code": 7003
}

/user/modify

This call allows you to add a callback_uri to the user object. If you add a callback_uri you will receive IPNs with the user_id each time the user revokes their access token or the user is deleted. This call returns the same response as /user.

Arguments

Parameter Required Type Description
callback_uri No String (2083 chars) The callback URI where you want to receive IPNs. Must be a full URI.

Example

{
   "callback_uri": "https://www.everribbon.com/ipn/12345"
}

Response

Response Type Description
user_id Integer (64 bits) The unique ID of the user.
user_name String (255 chars) The full name of the user.
first_name String (127 chars) The first name of the user.
last_name String (127 chars) The last name of the user.
email String (255 chars) The email of the user.
state String (255 chars) Either registered if the user has registered, or pending if the user still needs to confirm their registration.
callback_uri String (2083 chars) The URI you want to receive IPNs on. See /user/modify.

Example of registered or pending state user

{
   "user_id": 12345,
   "first_name": "Bill",
   "last_name": "Clerico",
   "email": "api@wepay.com",
   "state": "registered",
   "callback_uri": "https://www.everribbon.com/ipn/12345"
}

Example of deleted user

{
   "error": "access_denied",
   "error_description": "the user associated with the access_token has been deleted",
   "error_code": 7003
}
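
The following is an added example, not WePay's code: one way to react to a user IPN by re-querying /user with the stored access token and acting only on that response, including the deleted-user error shown above. The token store (a dict) and the fetch_user callable are hypothetical stand-ins for your own storage and HTTP client.

```python
DELETED_USER_ERROR_CODE = 7003  # error_code in the page's "deleted user" response


def classify_user_response(body):
    """Map a parsed /user response body to 'registered', 'pending',
    'deleted', or 'error' (any other body)."""
    if "error" in body:
        if (body.get("error") == "access_denied"
                and body.get("error_code") == DELETED_USER_ERROR_CODE):
            return "deleted"
        return "error"
    state = body.get("state")
    return state if state in ("registered", "pending") else "error"


def handle_user_ipn(user_id, tokens, fetch_user):
    """React to an IPN that names user_id and return the action taken.

    tokens:     dict user_id -> access token (hypothetical local store).
    fetch_user: callable(token) -> parsed /user body (hypothetical HTTP wrapper).
    The IPN is treated as a hint only; the /user response decides.
    """
    token = tokens.get(user_id)
    if token is None:
        return "ignored"        # IPN for a user we hold no token for
    body = fetch_user(token)
    status = classify_user_response(body)
    if status in ("registered", "pending") and body.get("user_id") != user_id:
        return "mismatch"       # token answers for a different user: do not act
    if status == "deleted":
        del tokens[user_id]     # the token is dead; stop storing it
        return "purged"
    if status == "error":
        return "review"         # other error bodies are not shown on this page
    return status
```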

/user/register

Registers a user with your application and returns a temporary access token for that user.

The temporary access token will expire 90 days after its creation if not approved. You can send the user an email to confirm their WePay account using the /user/send_confirmation call.

Unconfirmed accounts created with a temporary access token have a few restrictions:

  1. They can only accept $100,000.
  2. New payments will be disabled 14 days after they accept their first payment.
  3. They will be deleted 30 days after they accept their first payment.

Once an unconfirmed account created with a temporary access token is deleted, all accepted payments are refunded.

You must specify the client_id and client_secret for your application. This call does not use OAuth2 authorization, so you should not pass an access token.

Arguments

Parameter Required Type Description
client_id Yes Integer (64 bits) The integer client ID issued to the app, found on your application's dashboard.
client_secret Yes String (255 chars) The string client secret issued to the app, found on your application's dashboard.
email Yes String (255 chars) The email of the user you want to register.
scope Yes String (255 chars) A comma-separated list of permissions.
first_name Yes String (127 chars) The first name of the user you want to register.
last_name Yes String (127 chars) The last name of the user you want to register.
original_ip Yes String (16 chars) The IP address of the user you want to register.
original_device Yes String (255 chars) The user-agent (for web) or the IMEI (for mobile) of the user you want to register.
tos_acceptance_time Yes Integer (64 bits) A Unix timestamp referencing the time the user accepted WePay's terms of service.
redirect_uri No String (2083 chars) The URI the user will be redirected to after they have confirmed they wanted to be registered on WePay. By default this will be your application's homepage.
callback_uri No String (2083 chars) The callback URI where you want to receive IPNs. Must be a full URI.
type No String (255 chars) The type of user to be created. This parameter is used to create SSO users.

To create an SSO user, set the value to sso. Otherwise do not include this parameter in the call.

Example

{
   "client_id": 12345,
   "client_secret": "6446c521bd",
   "email": "api@wepay.com",
   "scope": "manage_accounts,collect_payments,view_user,send_money,preapprove_payments",
   "first_name": "Bill",
   "last_name": "Clerico",
   "original_ip": "74.125.224.84",
   "original_device": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.102 Safari/534.13",
   "tos_acceptance_time": 1209600
}

Response

Response Type Description
user_id Integer (64 bits) The unique integer user ID of the user.
access_token String (255 chars) The string access token that you can use to make calls on behalf of the user.
token_type String (255 chars) The token type. Only BEARER is currently supported.
expires_in Integer (64 bits) The number of seconds until the access_token expires. If null or not present, the access token will be valid until the user revokes the access_token.

Example

{
   "user_id": 567235,
   "access_token": "604f39f41e364951ced74070c6e8bfa49d346cdfee6191b03c2c2d9c9cda9184",
   "token_type": "BEARER",
   "expires_in": 1209600
}
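
The following is an added example, not WePay's code: a server-side check of a /user/register payload against the argument table above, a log-safe copy that masks client_secret, and the expires_in rule from the response table. Rejecting unknown fields and parsing original_ip as an IP address are choices made for this example, not documented API behaviour.

```python
import ipaddress

# Limits copied from the /user/register argument table: name -> (type, max chars).
REQUIRED = {
    "client_id": (int, None), "client_secret": (str, 255), "email": (str, 255),
    "scope": (str, 255), "first_name": (str, 127), "last_name": (str, 127),
    "original_ip": (str, 16), "original_device": (str, 255),
    "tos_acceptance_time": (int, None),
}
OPTIONAL = {"redirect_uri": (str, 2083), "callback_uri": (str, 2083),
            "type": (str, 255)}


def validate_register(payload):
    """Return a list of problems; an empty list means the payload fits the table."""
    problems = [f"missing required field: {n}" for n in REQUIRED if n not in payload]
    for name, value in payload.items():
        spec = REQUIRED.get(name) or OPTIONAL.get(name)
        if spec is None:
            problems.append(f"unknown field: {name}")
            continue
        kind, limit = spec
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, kind):
            problems.append(f"{name}: expected {kind.__name__}")
        elif limit is not None and len(value) > limit:
            problems.append(f"{name}: longer than {limit} chars")
    if isinstance(payload.get("original_ip"), str):
        try:
            ipaddress.ip_address(payload["original_ip"])
        except ValueError:
            problems.append("original_ip: not an IP address")
    # The page documents only "sso" for type; otherwise the field is omitted.
    if payload.get("type", "sso") != "sso":
        problems.append("type: only 'sso' is documented; omit otherwise")
    return problems


def redact(payload):
    """Copy of the payload that is safe to log: client_secret is masked."""
    return {k: ("***" if k == "client_secret" else v) for k, v in payload.items()}


def token_expiry(response, issued_at):
    """Unix time at which the token expires, or None when expires_in is null
    or absent (the token then stays valid until the user revokes it)."""
    expires_in = response.get("expires_in")
    return None if expires_in is None else issued_at + expires_in
```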

/user/send_confirmation

For users who were registered via the /user/register call, this API call must be used to send the registration confirmation email. This call can also be used later to resend the registration confirmation email as needed.

The access_token returned by the associated /user/register call must be passed in the authorization header.

Arguments

Parameter Required Type Description
email_message No String (65535 chars) A short message that will be included in the email to the user.
email_subject No String (255 chars) The subject line of the email.
email_button_text No String (255 chars) The text on the button in the confirmation email.

Example

{
   "email_message": "Welcome to my application."
}

Response

Response Type Description
user_id Integer (64 bits) The unique ID of the user.
first_name String (127 chars) The first name of the user.
last_name String (127 chars) The last name of the user.
email String (255 chars) The email address of the user.
email_subject String (255 chars) The subject line of the email.
email_button_text String (255 chars) The text in the button in the confirmation email.
state String (255 chars) Either registered if the user has registered, or pending if the user still needs to confirm their registration.

Example

{
   "user_id": 12345,
   "first_name": "Bill",
   "last_name": "Clerico",
   "email": "api@wepay.com",
   "state": "pending"
}

/user/mark_email_verified

Use this call to indicate a successful verification of the user’s email address. This call may be made anytime after the /user/register call is successfully completed; however, it must be executed within the time limits specified in /user/register for confirming accounts.

Arguments

There are no arguments for this call.

Response

Response Type Description
user_id Integer (64 bits) A unique identifier for the user.
first_name String (255 chars) The user's first name.
last_name String (255 chars) The user's last name.
email String (255 chars) The user's registered email.
state String (255 chars) The state of the user; this should always be registered.

Example

{
   "user_id": 123456789,
   "first_name": "John",
   "last_name": "Doe",
   "email": "JohnDoe@something.com",
   "state": "registered"  
}

/user/request_sso_token

Use this call to obtain a one-time use sso_token which must be signed within 10 minutes.

Arguments

There are no arguments for this call.

Response

Response Type Description
sso_token String (255 chars) A 128-bit Universally Unique Identifier (UUID). The token is one-time use only and expires after 10 minutes.
expire_time Integer (64 bits) The time the sso_token will expire. The time to live (TTL) defaults to 10 minutes.

Example

{
   "sso_token": "1230i$3soiehjs847",
   "expire_time": 1468596660
}