By including an access_token in an API call, we automatically know the API application and the WePay user for whom the call is being made. It also tells us that you have authorization to act on behalf of that user.
You will need access tokens to authorize any calls you make related to:
- Your API application
- The user you are acting on behalf of (for merchants, this is yourself)
- The permissions your app has for that user
Access_tokens are considered to be very confidential materials and should not be passed through unsecured media.