Your app must authenticate Wix API calls using the OAuth protocol.
By default, OAuth authentication follows the OAuth Client Credentials protocol. Using this approach, you don’t need to implement an OAuth handshake for each installation of your app. Instead, your app can request access tokens directly by passing the following values:
Tip: To find your app ID and app secret, go to OAuth in your app's dashboard.
To get started, see Use OAuth.
Wix offers advanced OAuth settings to allow for more control over user identification and redirection during the app installation process. We recommend that your app use advanced OAuth whenever you need to redirect your users to a URL outside the Wix ecosystem during the app installation flow. For example, when your users can’t create an account for your app in the Wix dashboard.
Advanced OAuth follows the industry-standard OAuth 2.0 protocol, which provides a secure way for site owners to grant your app permissions. Whenever a site owner installs your app, your app’s code must complete an OAuth handshake. This requires that you set up a server to handle the relevant redirects. Then, you need to store the refresh token for the new app instance in your database. Finally, you can use the refresh token to retrieve an access token and call the relevant Wix API.
With Advanced OAuth, it’s critical that your app saves the refresh token during installation. If the process fails, you’re unable to retrieve access tokens using Refresh an Access Token. Though from the site owner’s point-of-view, it seems that the app installation has succeeded. You have 2 options in this situation: Ask the site owners to re-install your app, or fall back to retrieving access tokens with the basic OAuth strategy by calling Create Access Token.
Basic OAuth has the following advantages compared to advanced OAuth:
To get started, see Use Advanced OAuth.