Version: v2 2019-04-03
Endpoints
Production | |
Authorization | https://www.wepay.com/v2/oauth2/authorize |
Token | https://wepayapi.com/v2/oauth2/token |
Stage | |
Authorization | https://stage.wepay.com/v2/oauth2/authorize |
Token | https://stage.wepayapi.com/v2/oauth2/token |
/oauth2/authorize
This call is a URI which your application sends to the user so that they can grant your application permission to make API calls on their behalf. After the user sets up their WePay account, your application is returned the code and state fields.
Arguments
Parameter | Required | Type | Description |
client_id | Yes | Integer | The client id issued to the app, found on your application's dashboard. |
redirect_uri | Yes | String | The URI the user will be redirected to after authorization. Must have the same domain as the application. Note: WePay does not allow underscores in subdomains, and using an underscore will violate the matching domain requirement. |
scope | Yes | String | Custom user permission settings are no longer supported. Please provide a comma-separated list of all of the following permissions when registering a user with this call: manage_accounts, collect_payments, view_user, preapprove_payments, and send_money. |
state | No | String | The opaque value the client application uses to maintain state. |
user_name | No | String | The user name used to pre-fill the authorization form. |
user_email | No | String | The user email used to pre-fill the authorization form. |
user_country | No | String | The user's country of origin 2-letter ISO code. Possible values: US, CA. Default: US. |
Example
https://stage.wepay.com/v2/oauth2/authorize?client_id=12345&redirect_uri=http://example.com/wepay&scope=manage_accounts,collect_payments,view_user,preapprove_payments,send_money
Response
Response | Type | Description |
code | String | The authorization code used to get the access token. This code expires in 10 minutes. |
state | String | The opaque value the client application uses to maintain state (same as above, if provided). |
/oauth2/token
Once you have sent the user through the authorization endpoint and they have returned with a code, you can use that code to retrieve an access token for that user. The redirect URI must be the same as in the /v2/oauth2/authorize step.
Note that when you request a new access token with this call, WePay automatically revokes all previously issued access tokens for this user. Make sure you update the access token you are using for a user each time you make this call.
Arguments
Parameter | Required | Type | Description |
client_id | Yes | Integer (64 bits) | The client ID issued to the app, found on your application's dashboard. |
redirect_uri | Yes | String (2083 chars) | The URI the user was redirected to after authorization. Must be the same as passed in /oauth2/authorize. Note: WePay does not allow underscores in subdomains, and using an underscore will violate the matching domain requirement. |
client_secret | Yes | String (255 chars) | The client secret issued to the app by WePay, found on your application's dashboard. |
code | Yes | String (255 chars) | The code returned by /oauth2/authorize. This code expires in 10 minutes. |
callback_uri | No | String (2083 chars) | A callback_uri you want to receive IPNs for this user on. If you specify a callback URI you will receive IPNs with the user_id when the user revokes an access_token or is deleted. Note: Your platform may test using ports in staging but ports are not allowed in production. |
Example
{
  "client_id": 12345,
  "client_secret": "1a2b3c4d5e6f",
  "redirect_uri": "http://example.com/user/oauth2/12345",
  "code": "a35k2j9aeigj43tu09a4ugaoijg0943ug0349ugakj"
}
Response
Response | Type | Description |
user_id | Integer (64 bits) | The unique user ID of the user. |
access_token | String (255 chars) | The access_token that you can use to make calls on behalf of the user. |
token_type | String (255 chars) | The token type. Currently only BEARER is supported. |
expires_in | Integer (64 bits) | Time in seconds until the access_token expires. If null or not present, the access token will be valid until the user revokes it. |
Example
{
  "user_id": 12345,
  "access_token": "5220ba86b6c4cbaf6a78ccf60dfe83514eeb8b1ee88f1a58f9de7d818f68",
  "token_type": "BEARER"
}
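A sketch of the client side of both calls above, added here as an example and not WePay's own code: it attaches a random state to the /oauth2/authorize URI, checks that state when the user returns, builds the /oauth2/token body, and replaces the stored token. The function names, the session and token_store dicts, and the delivery of code and state as query parameters on redirect_uri are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://stage.wepay.com/v2/oauth2/authorize"  # stage endpoint from this page
SCOPES = "manage_accounts,collect_payments,view_user,preapprove_payments,send_money"


def build_authorize_url(client_id, redirect_uri, session):
    """Return the URI to send the user to; a fresh random state is kept in the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # session: hypothetical per-user server-side store
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": SCOPES, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def token_request_from_callback(callback_url, session, client_id, client_secret, redirect_uri):
    """Check the returned state, then build the JSON body for /oauth2/token."""
    params = parse_qs(urlparse(callback_url).query)  # assumes query-string delivery
    expected = session.pop("oauth_state", None)      # single use: removed on first check
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return {
        "client_id": client_id,
        "client_secret": client_secret,  # server side only, never sent to the browser
        "redirect_uri": redirect_uri,    # must equal the value sent to /oauth2/authorize
        "code": codes[0],                # expires in 10 minutes, so exchange it promptly
    }


def store_token(token_store, response):
    """Overwrite the saved token: a new token revokes the user's earlier ones."""
    token_store[response["user_id"]] = {
        "access_token": response["access_token"],
        "token_type": response["token_type"],
        "expires_in": response.get("expires_in"),  # None: valid until the user revokes it
    }
```

The dict returned by token_request_from_callback is the JSON body to send to the Token endpoint over HTTPS; the HTTP call itself is left out so the block runs offline.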