When you use site visitor, site member, or Wix user authentication (SDK | REST), you can only make calls to APIs that allow calls from those identity types. In some app workflows, you may be making API calls with site visitor or site member authentication, but occasionally need to call APIs that require the elevated level of a Wix app identity for authentication. This can happen when coding in a frontend environment such as a site extension or a dashboard extension.
For example, if an app includes a site widget, most of the API calls made from the extension are probably APIs that can be called with site visitor or member authentication, such as Create Booking (SDK | REST) to create a booking for the current visitor or member. However, the app may also need to call related APIs that require Wix app authentication, such as Confirm Booking (SDK | REST) which cannot be called when authenticating as a visitor or member.
In these cases, you can elevate the permissions of specific API calls in your workflow to use Wix app authentication. Elevating permissions for specific API calls allows you to move seamlessly between authentication types within your app's code.
You can only elevate permissions in your app's backend code. You can elevate the permissions for an API call by sending an authenticated request to an endpoint or method exposed in your app's backend code. The backend code makes an elevated API call and returns the response to your frontend.
The way that you elevate permissions depends on:
Note: Elevating permissions for an API call works the same way in Wix Blocks as it does when developing websites.