OAuth2 Account Creation
OAuth2 is a process by which you can get a merchant’s permission to do things on their behalf, like process payments for them, view their account balance, refund payments, etc. The end result of OAuth2 is getting an
access_token, which is a secret parameter that lets you act on a specific merchant’s behalf.
Using OAuth2, your platform can easily setup a payment account for your users and get them processing payments quickly with only four fields to fill out - with very little interruption of the user experience and light WePay branding.
If you want to be able to process payments for a merchant, getting an
access_token is always the first step.
A crowdfunding site wants to enable its fundraiser to collect donations. The crowdfunding site first needs to be able to create a WePay payment account for each fundraiser. This allows the fundraiser to charge credit cards and have the money collected sent to their WePay account, where they will view account balances, refund payments, withdraw money, etc. To do this easily, the crowdfunding site uses OAuth2 to get permission from the fundraiser to do all of this automatically.
At WePay, fundraisers are the merchants and donors are the payers and we’ll use those terms below.
This is what the user experience for OAuth2 looks like. Click here to create your WePay account.
There are 4 steps to OAuth2:
- The merchant clicks on the OAuth2 button on your site and confirms with WePay that they want to grant you permission to process payments for them.
- The merchant confirms and you receive a temporary
- You exchange the temporary
codeparameter with WePay for a permanent
access_tokenthat will let you do things on the merchant’s behalf.
- Make the /account/create call with the
access_tokenfrom step 3 to get an
The first step is to put the OAuth2 button embed code on your site. Below, is an example of the embed code. Make sure you replace the
client_id with your own app’s
The user will click on the button and be presented with a co-branded popup where they confirm that they want to give you permission to process payments on their behalf. To do so they will either login (if they already have a WePay account), or register (if they do not have a WePay account already).
As a Best Practice, we recommend asking for all necessary Scope up-front. See our best practices for more information.
After the user clicks “Grant Access” in the OAuth2 popup above, it will call whatever callback function you specified. The 1st parameter passed to the callback function will be a data JSON object which has a
code property. You should pass this
code parameter to your server where it will be used in step 3 to get an
Now that you have passed the temporary
code parameter to your server, you can use it to get a permanent
To do so, you will make the /oauth2/token API call. You will pass your
client_secret, the temporary code parameter, and whatever
redirect_uri you specified in step 1.
The response to this call will include an
access_token is a permanent parameter that will let you make API calls on behalf of the merchant. You should store this
access_token in your database, and take steps to keep it secure (treat it like you would a hashed password).
Each merchant requires a payment account in order to start processing payments. A payment account has its own transaction history and account balance. Once you have an
access_token for each merchant, you’ll want to create a payment account for each merchant.
All you need to do is make the /account/create call with the merchant’s
access_token. The account name that you specify will be used on receipts and on the credit card statement for payments made to this account.
You will receive back an
account_id which you should store in your database. You will use the merchant’s
access_token when making payments with the /checkout/create call (for example). You can also use the
account_id to look up the account balance and status.
As a Best Practice, we recommend using a recognizable account name during account creation, as this is what appears in a payer’s credit card statement. As such, a unrecognizable account name could lead to returned funds. Read more here
Now that you have an
account_id and an
access_token, you can help the merchant accept payments. Read the process payments overview for information on how to do that.