An access token is a unique string of numbers and letters that grants your application access to use the WePay API on behalf of the registered user. This access token is required with most API calls. When you include an access token in an API call, we automatically know the API application and the WePay user for whom the call is being made. Each access token is associated with:
- Your API application
- The WePay environment that your API application is registered with (Production or Stage)
- The merchant you’re making the call for
- The actions that user is allowed to take based on the permissions you’ve set (legacy)
Access Token Security
Access tokens are private, so they should never be shared or passed as a GET or POST argument. You should never email or submit your access token to WePay or a third-party.