This article explains how to authenticate API calls to Wix using OAuth.
Important: Extensions built with Wix Blocks or the Wix CLI handle authentication automatically.
To authenticate, you need the following information:
instanceId) for your app on a site.There are different ways to get the instanceId, depending on your app's logic. The most common methods for getting it to generate an access token are:
instanceId at this point.instanceId.instanceId in the metadata.instanceId.To learn more, see About App Instances.
The authentication process varies depending on whether you use the JavaScript SDK or REST API.
To make an authenticated API request with the JavaScript SDK in a self-hosted extension:
Create a WixClient using the AppStrategy.
Make an API request. The client automatically obtains and includes the access token in the Authorization header. For example, call queryProducts().
Important: The Wix CLI also uses the JavaScript SDK but handles authentication automatically. To make API requests from CLI extensions, use the httpClient.
To make an authenticated API request with the REST API:
Send a request to Create Access Token. Include your app ID, app secret, and instanceId in the HTTP body.
Store the access_token from the response. The token is valid for 4 hours.
Make an API request by including the access_token in the Authorization header. For example, call Query Products.
To migrate from custom authentication to OAuth:
instanceId as described in step 1. We recommend subscribing to the App Instance Installed webhook.