Your app must authenticate Wix API calls using the OAuth protocol. You can choose from two options:
OAuth authentication follows the OAuth Client Credentials protocol. Using this approach, you don’t need to implement an OAuth handshake for each installation of your app. Instead, your app can directly request an access token by calling Create Access Token with the following values:
OAuth has the following advantages compared to custom authentication (legacy):
To get started, see Authenticate Using OAuth.
Wix offers custom authentication to allow for more control over user identification and redirection during the app installation process. Your app should use custom authentication whenever you need to redirect your users to a URL outside the Wix ecosystem during the app installation flow. For example, use it when you need to automatically create an account using the information in the access token.
Custom authentication follows the industry-standard OAuth 2.0 protocol, which provides a secure way for site owners to grant your app permissions. Whenever a site owner installs your app, your app’s code must complete an OAuth handshake. This requires that you set up a server to handle the relevant redirects. Then, you need to store the refresh token for the new app instance in your database. Finally, you can use the refresh token to retrieve an access token and call the relevant Wix API.
With custom authentication, it’s critical that your app saves the refresh token during installation. If the process fails, you’re unable to retrieve access tokens using Refresh an Access Token, even though from the site owner’s point of view the app installation appears to have succeeded. You have 2 options in this situation: ask the site owners to re-install your app, or fall back to retrieving access tokens with the OAuth strategy by calling Create Access Token.
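The fallback described above, as an added example that is not Wix code: a token provider that uses the stored refresh token when one exists and otherwise falls back to the OAuth strategy, recording which installations lost their refresh token. `TokenProvider`, its two callables (hypothetical wrappers around Refresh an Access Token and Create Access Token) and the instance-ID argument are assumptions, and the sample values are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class TokenProvider:
    """Returns an access token for an app instance, preferring the stored refresh token."""
    # Hypothetical wrappers around the two Wix calls the page names; their
    # arguments (a refresh token / an app instance ID) are assumptions.
    refresh_access_token: Callable[[str], str]
    create_access_token: Callable[[str], str]
    refresh_tokens: Dict[str, str] = field(default_factory=dict)  # stand-in for your database
    fallback_instances: List[str] = field(default_factory=list)   # installs needing follow-up

    def save_refresh_token(self, instance_id: str, refresh_token: str) -> None:
        # Fail loudly during installation rather than storing an empty value.
        if not instance_id or not refresh_token:
            raise ValueError("instance_id and refresh_token are required")
        self.refresh_tokens[instance_id] = refresh_token

    def access_token(self, instance_id: str) -> str:
        refresh_token = self.refresh_tokens.get(instance_id)
        if refresh_token:
            return self.refresh_access_token(refresh_token)
        # No refresh token was saved: the site owner still sees a successful install.
        # Record the instance (never the token) and fall back to the OAuth strategy.
        if instance_id not in self.fallback_instances:
            self.fallback_instances.append(instance_id)
        return self.create_access_token(instance_id)


def demo() -> dict:
    # Constructed stand-ins for the HTTP calls, so the example runs offline.
    provider = TokenProvider(
        refresh_access_token=lambda rt: f"access-from-refresh:{rt}",
        create_access_token=lambda iid: f"access-from-oauth:{iid}",
    )
    provider.save_refresh_token("instance-A", "constructed-refresh-token")
    return {
        "saved": provider.access_token("instance-A"),
        "lost": provider.access_token("instance-B"),  # save failed at install time
        "needs_follow_up": list(provider.fallback_instances),
    }


if __name__ == "__main__":
    print(demo())
```

Reviewing `fallback_instances` periodically shows which installations never persisted a refresh token, so the storage failure can be investigated instead of staying hidden behind the fallback.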