Authentication
All API requests require a Bearer token in the Authorization header. Tokens are API keys that you create and manage from the dashboard.
How it works
Every request to the WhatPeoplePayFor API must include an Authorization header with a Bearer token:
Authorization: Bearer wpp_live_abc123...
The API validates your key on every request. Invalid, expired, or revoked keys return an error response immediately.
API key format
All API keys use the prefix wpp_live_ followed by a random string. This prefix makes it easy to identify WhatPeoplePayFor keys in your environment and prevents accidental use of test keys in production.
wpp_live_a1b2c3d4e5f6...
Managing API keys
Create and manage your API keys from the dashboard.
Creating a key
1. Sign in to the dashboard
2. Navigate to the API Keys section
3. Click "Create API Key"
4. Copy the key immediately — it is only shown once
Revoking a key
To revoke a key, go to the API Keys section in the dashboard and click the delete button next to the key. Revoked keys return a 403 error immediately.
Example request
curl -H "Authorization: Bearer wpp_live_abc123..." \
  https://api.whatpeoplepayfor.com/agent/bootstrap
Error responses
Authentication errors return standard HTTP status codes with a JSON body:
401 — Invalid or missing key
The Authorization header is missing or the key is not recognized.
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}
403 — Expired or revoked key
The key was valid but has been revoked or has expired.
{
  "error": {
    "code": "FORBIDDEN",
    "message": "API key has been revoked or expired"
  }
}
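Client-side handling of the header format and the two error responses described above, as an added example (not code from WhatPeoplePayFor). It checks the wpp_live_ prefix before anything is sent and separates a 401, which points to a configuration problem, from a 403, where the key must be replaced. The WPP_API_KEY variable name, the returned action labels, and the sample key are assumptions made for illustration.

```python
import json
import os

KEY_PREFIX = "wpp_live_"  # key prefix documented on this page


def auth_headers(env=os.environ, var="WPP_API_KEY"):
    """Build the Authorization header; WPP_API_KEY is an assumed variable name."""
    key = env.get(var, "").strip()
    if not key.startswith(KEY_PREFIX) or key == KEY_PREFIX:
        # Fail before sending so an unrelated secret never leaves the host.
        raise ValueError(f"{var} is unset or does not hold a {KEY_PREFIX} key")
    return {"Authorization": f"Bearer {key}"}


def redact(key):
    """Log-safe form of a key: the prefix plus the last four characters."""
    return f"{KEY_PREFIX}****{key[-4:]}"


def classify_auth_error(status, body):
    """Map an authentication failure to the action the caller should take."""
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = None  # body does not have the documented JSON shape
    if status == 401 and code == "UNAUTHORIZED":
        return "fix-config"  # header missing or key not recognized
    if status == 403 and code == "FORBIDDEN":
        return "rotate-key"  # revoked or expired: retrying cannot succeed
    return "unexpected"


# Constructed sample inputs mirroring the error bodies shown above.
SAMPLE_KEY = "wpp_live_CONSTRUCTED0000KEY9"
SAMPLE_401 = '{"error": {"code": "UNAUTHORIZED", "message": "Invalid or missing API key"}}'
SAMPLE_403 = '{"error": {"code": "FORBIDDEN", "message": "API key has been revoked or expired"}}'

if __name__ == "__main__":
    headers = auth_headers({"WPP_API_KEY": SAMPLE_KEY})
    print("sending with key", redact(SAMPLE_KEY))
    for status, body in ((401, SAMPLE_401), (403, SAMPLE_403), (403, "<html>")):
        print(status, "->", classify_auth_error(status, body))
```

Pass the returned headers to whichever HTTP client you use, and write only the redacted form of the key to logs.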