Use OAuth
Your app must authenticate Wix API calls using the OAuth protocol.
By default, OAuth authentication follows the OAuth Client Credentials protocol. Using this approach, you don’t need to implement an OAuth handshake for each installation of your app. Instead, your app can request access tokens directly by passing the app ID, the app secret, and the relevant app instance ID.
Step 1 | Set up your app to use OAuth
To set up your app to use OAuth for authentication, follow these steps:
-
Save your App ID and App Secret. Find these values in the Dev Center under OAuth. Keep the secret confidential.
-
Subscribe to the App Instance Installed webhook, which is triggered every time a new user installs your app. When the webhook is triggered, save the
instanceId.Note: If your app doesn't require managing resources per app installation, you don't need to save the instance ID. Instead, you can get the instance ID at runtime using alternative methods. For more information, see About App Instances.
-
Optional: Update Wix about the status of your app instance. By default, the app instance
stateis"Setup Incomplete". If your app setup doesn't require user input or has already received it, update the state to"APP_FINISHED_CONFIGURATION"using Send BI Event.
Step 2 | Make API calls
Once you have an app ID, app secret, and app instance ID, you can get an access token via the Create Access Token endpoint. The token is valid for 4 hours.
For detailed guidance on how to authenticate using the REST API, JavaScript SDK, and React SDK, see Authenticate as an App Instance.