Use OAuth for Authenticating Your App
To authenticate your app's calls to Wix APIs, you need to follow the OAuth protocol. However, you don’t have to perform an OAuth handshake for every installation of your app. Instead, your app can directly request access tokens by providing your app ID, the app’s secret, and the relevant app instance ID.
Step 1 | Set up OAuth
Before your app can call Wix APIs, you need to set up OAuth.
-
Store your app’s secret key in a secure location. You can find the key in your app’s OAuth settings page in the Wix Dev Center. Don’t share the key with anyone or make it public in any way.
-
Optional: Subscribe to the Instance App Installed webhook. This webhook is triggered every time a new user installs your app. Each time the webhook is triggered, save the
instanceId.Tip: If your app doesn’t need to call Wix APIs or manage a list of app installations, you can skip this step. However, subscribing to the webhook is crucial whenever you require mapping to manage resources for every app instance.
-
Optional: Update Wix about the status of your new app instance. At this point, your app instance’s
stateis“Setup Incomplete”. This state is useful if your app requires user input, such as creating an account or configuring parameters for the app to become active. If your app doesn’t require user input, or after the user has completed their part, update your app instance’s state by calling Send BI Event. Make sure to pass{"eventName": "APP_FINISHED_CONFIGURATION"}.
Step 2 | Make API calls with OAuth
After you’ve successfully set up OAuth, you can call the relevant Wix APIs described in our API Reference.
- Request a fresh access token by calling Create Access token.
Pass your app ID, the app’s secret, and the relevant app instance ID in the
raw HTTP request’s
bodyfield. - Use the access token as an authorization header in the relevant API call. The access token is only valid for 5 minutes. Request a new one if it expires.