The /user API calls
The user object represents a single user registered on WePay. A single user may be authorized on multiple applications. Users are segmented by email address, whereas access tokens map to a specific user-application pair.
The following calls let you create, view, and modify user objects on WePay:
User States
The user object has the following states and the following possible state transitions (you can receive callback notifications when the user changes state. Read our instant payment notifications guide for more details):
| pending | The user registered with /user/register and has not yet confirmed the registration using the link in the confirmation email. A user whose registration is in a pending state is subject to limitations on the total amount funds they may accept and the period of time during which they may accept payments before their their account is deleted. |
| registered | The user's registration on WePay is complete. When a user is first created, an email is sent to the email address supplied at the time of their registration with a confirmation link. The initial state (when the confirmation email is sent) is pending. When the WePay system receives the confirmation, the user's state is changed to registered. If the user is created using the /user/register call, a subsequent call to /user/send_confirmation must be made in order to send the confirmation email. |
| deleted | The user's registration was deleted. A user may delete their account themselves, or an account may be deleted by WePay customer support. |
Version: v2 2019-04-03
POST Endpoint
https://wepayapi.com/v2/user
/user
Use this call to look up details about the user associated with the access token used to make the call.
Arguments
There are no arguments necessary for this call. Only an access token passed in the authorization header is required. The access token must be that of the user whose information you are searching for.
Example access token
Bearer STAGE_abcdefghijklmnopqrstuvwxyz1234567890
Response
| Response | Type | Description |
| user_id | Integer (64 bits) | The unique ID of the user. |
| user_name | String (255 chars) | The full name of the user. |
| first_name | String (127 chars) | The first name of the user. |
| last_name | String (127 chars) | The last name of the user. |
| String (255 chars) | The email of the user. | |
| state | String (255 chars) | Either registered if the user has registered, or pending if the user still needs to confirm their registration. |
| callback_uri | String (2083 chars) | The URI you want to receive IPNs on. See /user/modify. |
| referrer_type | String (2083 chars) | How this user was referred to your platform. Possible values include: chase_inside_sales, chase_self_serve, and api.
Default: api
|
Example of registered or pending state user
{
"user_id": 123456789,
"first_name": "John",
"last_name": "Doe",
"user_name": "John Doe",
"email": "JohnDoe@something.com",
"state": "registered",
"callback_uri": null,
"referrer_type": "api"
}
Example of deleted user
{
"error": "access_denied",
"error_description": "the user associated with the access_token has been deleted",
"error_code": 7003
}
/user/modify
This call allows you to add a callback_uri to the user object. If you add a callback_uri you will receive IPNs with the user_id each time the user revokes their access token or the user is deleted. This call returns the same response as /user.
Arguments
| Parameter | Required | Type | Description |
| callback_uri | No | String (2083 chars) | The callback URI where you want to receive IPNs. Must be a full URI. Note: Your platform may test using ports in staging but ports are not allowed in production. |
Example
{
"callback_uri": "https://www.example.com/ipn/12345"
}
Response
| Response | Type | Description |
| user_id | Integer (64 bits) | The unique ID of the user. |
| user_name | String (255 chars) | The full name of the user. |
| first_name | String (127 chars) | The first name of the user. |
| last_name | String (127 chars) | The last name of the user. |
| String (255 chars) | The email of the user. | |
| state | String (255 chars) | Either registered if the user has registered, or pending if the user still needs to confirm their registration. |
| callback_uri | String (2083 chars) | The URI you want to receive IPNs on. See /user/modify. |
| referrer_type | String (2083 chars) | How this user was referred to your platform. Possible values include: chase_inside_sales, chase_self_serve, and api.
Default: api
|
Example of registered or pending state user
{
"user_id": 123456789,
"first_name": "John",
"last_name": "Doe",
"user_name": "John Doe",
"email": "JohnDoe@something.com",
"state": "registered",
"callback_uri": "https://www.example.com/ipn/12345",
"referrer_type": "api"
}
Example of deleted user
{
"error": "access_denied",
"error_description": "the user associated with the access_token has been deleted",
"error_code": 7003
}
/user/register
Registers a user with your application and returns a temporary access token for that user.
The temporary access token will expire 90 days after its creation if not approved. You can send the user an email to confirm their WePay account using the /user/send_confirmation call.
Unconfirmed accounts created with a temporary access token have a few restrictions:
- They can only accept $100,000.
- New payments will be disabled 14 days after they accept their first payment.
- They will be deleted 30 days after they accept their first payment.
Once an unconfirmed account created with a temporary access token is deleted, all accepted payments are refunded.
You must specify the client_id and client_secret for your application. This call does not use OAuth2 authorization, so you should not pass an access token.
Arguments
| Parameter | Required | Type | Description |
| client_id | Yes | Integer (64 bits) | The integer client ID issued to the app, found on your application's dashboard. |
| client_secret | Yes | String (255 chars) | The string client secret issued to the app, found on your application's dashboard. |
| Yes | String (255 chars) | The email of the user you want to register. | |
| scope | Yes | String (255 chars) | Custom user permission settings are no longer supported. Please provide a comma-separated list of all of the following permissions when registering a user with this call: manage_accounts, collect_payments, view_user, preapprove_payments, and send_money. |
| first_name | Yes | String (127 chars) | The first name of the user you want to register.
Note: Only alpha-numeric characters are accepted |
| last_name | Yes | String (127 chars) | The last name of the user you want to register.
Note: Only alpha-numeric characters are accepted |
| original_ip | Yes | String (16 chars) | The IP address of the user you want to register. |
| original_device | Yes | String (255 chars) | The user-agent (for web) or the IMEI (for mobile) of the user you want to register. |
| tos_acceptance_time | Yes | Integer (64 bits) | A Unix timestamp (UTC) referencing the time the user accepted WePay's terms of service. |
| redirect_uri | No | String (2083 chars) | The URI the user will be redirected to after they have confirmed they wanted to be registered on WePay. By default this will be your application's homepage.
Note: WePay does not allow underscores in subdomains, and using an underscore will violate the matching domain requirement. |
| callback_uri | No | String (2083 chars) | The callback URI where you want to receive IPNs. Must be a full URI. Note: Your platform may test using ports in staging but ports are not allowed in production. |
Example
{
"client_id": 12345,
"client_secret": "6446c521bd",
"email": "api@wepay.com",
"scope": "manage_accounts,collect_payments,view_user,send_money,preapprove_payments",
"first_name": "Bill",
"last_name": "Clerico",
"original_ip": "74.125.224.84",
"original_device": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.102 Safari/534.13",
"tos_acceptance_time": 1209600
}
Response
| Response | Type | Description |
| user_id | Integer (64 bits) | The unique integer user ID of the user. |
| access_token | String (255 chars) | The string access token that you can use to make calls on behalf of the user. |
| token_type | String (255 chars) | The token type. Only BEARER is currently supported. |
| expires_in | Integer (64 bits) | How much time till the access_token expires in seconds. If null or not present, the access token will be valid until the user revokes the access_token. |
Example
{
"user_id": 567235,
"access_token": "STAGE_abcdefghijklmnopqrstuvwxyz1234567890",
"token_type": "BEARER",
"expires_in": 1209600
}
/user/send_confirmation
For users who were registered via the /user/register call, this API call must be used to send the registration confirmation email. This call can also be used later to resend the registration confirmation email as needed.
The access_token returned by the associated /user/register call must be passed in the authorization header.
Arguments
| Parameter | Required | Type | Description |
| email_message | No | String (65535 chars) | A short message that will be included in the email to the user. |
| email_subject | No | String (255 chars) | The subject line of the email. |
| email_button_text | No | String (255 chars) | The text on the button in the confirmation email. |
Example
{
"email_message": "Welcome to my application."
}
Response
| Response | Type | Description |
| user_id | Integer (64 bits) | The unique ID of the user. |
| first_name | String (127 chars) | The first name of the user. |
| last_name | String (127 chars) | The last name of the user. |
| String (255 chars) | The email address of the user. | |
| state | String (255 chars) | Either registered if the user has registered with another application, or pending if the user still needs to confirm their registration.
Note: Attempts to call /user/send_confirmation to a user that already registered with that same application will return an error.
|
Example
{
"user_id": 12345,
"first_name": "Bill",
"last_name": "Clerico",
"email": "api@wepay.com",
"state": "pending"
}