Migration Rest Portal

Build Apps

Go Headless

Client

API Preview

Develop Websites

REST

GraphQL (Alpha)

# Access Types and Permissions

When using the Wix REST API, API calls are governed by access types and permissions. These facilitate secure and efficient development by ensuring that APIs can only be accessed by authorized entities.

## Access types

Each endpoint in the REST API can only be called by clients authorized with specific access types.

The following access types indicate which clients can call a function:

- [Visitor](fallback::#visitor)
- [Member](fallback::#member)
- [API Key](fallback::#api-key)
- [Wix App](fallback::#wix-app)

### Visitor

An anonymous site visitor who hasn't logged in. Endpoints requiring this access type typically involve operations specific to a particular visitor but not requiring authentication, such as accessing a list of products, creating and managing a cart, or accessing a login page to authenticate as a member.

### Member

A site member who has logged in. Endpoints requiring this access type typically involve operations specific to a registered member, such as accessing or managing personal data.

### API Key

An admin with customized administrative access to a Wix account's sites and projects. [API keys](fallback::https://support.wix.com/en/article/about-wix-api-keys) are created and managed in the [API Keys Manager](fallback::https://manage.wix.com/account/api-keys) where you can assign a set of permissions that determine the types of APIs each key can access. Endpoints requiring this access type may involve administrative operations at the site or account level, such as managing members or business data. The API key access type can also be used to call many of the same endpoints a client with visitor or member tokens can call.

### Wix App

An app that can be installed on Wix sites. Endpoints requiring this access type can be called by an app if the required permissions are granted by the owner of a Wix site when installing the app. For details, see [Wix App Permissions](fallback::https://dev.wix.com/api/sdk/setup:-wix-apps/permissions).

## Permissions

When a Wix App is installed on a Wix site, the app may need to access and manage some of the site's data. To enable this, the site owner must grant the required permissions scopes to the app when installing it.

Each function in the Wix REST API requires certain permissions when called by a Wix App. To check which permissions a function requires, refer to the API Reference. You can find each function's required permissions listed in the function's description, under the **Permissions** section.

In the [Wix Dev Center](fallback::https://dev.wix.com/apps), select the particular permissions your app needs. Whenever your app is installed, the site owner is prompted to authorize each of the permissions you select.

> **Note:** It's important to only request the permissions that are necessary for your app's functionality.

For a step-by-step guide on how to select permissions for your Wix App in the Wix Dev Center, see [How to Add Permissions](portalId::299369f5-04da-4409-a0c7-b98870755002resourceId::7fa83e3b-4e5f-4418-bb27-69ec88e1cc90*fallback::https://devforum.wix.com/kb/en/article/how-to-add-permissions).