Obtaining An Access Token
After a listing has added you as their integrator, your access token —regardless of when it was requested— will automatically grant access to their listing data.
To request an access token, send a POST
request to the following endpoint:
POST /auth/token
curl --globoff \
--request POST \
--url 'https://api-g.weedmaps.com/auth/token' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{
"client_id": "CLIENT_ID_HERE",
"client_secret": "CLIENT_SECRET_HERE",
"grant_type": "client_credentials",
"scope": "taxonomy:read brands:read products:read menu_items menus:write"
}'
Access Token Duration
Access tokens are valid for 14 days and can be renewed after 7 days. Requesting a new token with the same scopes before the 7-day mark will return the existing token.
Successful Response (201 Created)
{
"access_token": "ACCESS_TOKEN_HERE",
"token_type": "Bearer",
"expires_in": 1209600,
"scope": "taxonomy:read brands:read products:read menu_items",
"created_at": 1544211465
}
Scopes
Important: Always request all required scopes when obtaining an access token.
You are not guaranteed to receive all requested scopes. Tokens may be issued with only a subset—or none—of the requested scopes. Before making API requests, confirm the granted scopes by inspecting the
scope
field in the token response.
Token Expiration & Renewal Behavior
-
Default expiration: 14 days (1209600 seconds).
-
Early renewal: A new token will only be issued after 50% of the expiration time has passed (7 days by default).
-
Renewal behavior:
- Requests before the 7-day mark with identical scopes will return the existing token.
- Requests after the 7-day mark will return a new token.
Token Structure
Access tokens are encoded as JSON Web Tokens (JWT), which include standard and Weedmaps-specific claims. You typically won’t need to inspect these claims, but here’s an example of a decoded token payload:
{
"jti": "647f69ab-8a98-491a-9406-f7961490dad5",
"exp": 1591034943,
"iss": "https://weedmaps.com",
"wm": {
"client_id": "BTx4_ILdajRuC0NOG1_2NhRDGmLBleZyYu8d5y6VwfM"
}
}
For reference, standard claims are described in the JWT public claims registry, and Weedmaps-specific fields are found under the wm
claim.
Updated 4 days ago