GuidesAPI EndpointsChangelog
Log In
Guides

Obtaining An Access Token

After a listing has added you as their integrator, your access token —regardless of when it was requested— will automatically grant access to their listing data.

To request an access token, send a POST request to the following endpoint:

POST /auth/token

curl --globoff \
  --request POST \
  --url 'https://api-g.weedmaps.com/auth/token' \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '{
    "client_id": "CLIENT_ID_HERE",
    "client_secret": "CLIENT_SECRET_HERE",
    "grant_type": "client_credentials",
    "scope": "taxonomy:read brands:read products:read menu_items menus:write"
  }'

📘

Access Token Duration

Access tokens are valid for 14 days and can be renewed after 7 days. Requesting a new token with the same scopes before the 7-day mark will return the existing token.

Successful Response (201 Created)

{
    "access_token": "ACCESS_TOKEN_HERE",
    "token_type": "Bearer",
    "expires_in": 1209600,
    "scope": "taxonomy:read brands:read products:read menu_items",
    "created_at": 1544211465
}

Scopes

🚧

Important: Always request all required scopes when obtaining an access token.

You are not guaranteed to receive all requested scopes. Tokens may be issued with only a subset—or none—of the requested scopes. Before making API requests, confirm the granted scopes by inspecting the scope field in the token response.


Token Expiration & Renewal Behavior

  • Default expiration: 14 days (1209600 seconds).

  • Early renewal: A new token will only be issued after 50% of the expiration time has passed (7 days by default).

  • Renewal behavior:

    • Requests before the 7-day mark with identical scopes will return the existing token.
    • Requests after the 7-day mark will return a new token.

Token Structure

Access tokens are encoded as JSON Web Tokens (JWT), which include standard and Weedmaps-specific claims. You typically won’t need to inspect these claims, but here’s an example of a decoded token payload:

{
  "jti": "647f69ab-8a98-491a-9406-f7961490dad5",
  "exp": 1591034943,
  "iss": "https://weedmaps.com",
  "wm": {
    "client_id": "BTx4_ILdajRuC0NOG1_2NhRDGmLBleZyYu8d5y6VwfM"
  }
}

For reference, standard claims are described in the JWT public claims registry, and Weedmaps-specific fields are found under the wm claim.


What’s Next

Now that we have a token, lets learn how to use it!