All calls on Whop are made on behalf of a user, and a company ID if applicable, as followed below. 
export const whopApi = WhopApi({
  appApiKey: process.env.WHOP_API_KEY ?? "fallback",
  onBehalfOfUserId: 'YOUR_USER_OR_AN_AGENT_USER',
  companyId: undefined,
});

// fetch another user

await whopApi.FetchPublicUser({ userId: winningUser })
You are able to make calls on behalf of any user using your app.