Add a service plugin (formerly SPI) extension to your app in your app's dashboard to extend the functionality of a Wix site.
With service plugins, your app can:
It's important to note before getting started that your implementation must match the API specification exactly as documented. This ensures that as a service provider, Wix can use your response in its flow.
This integration includes the request envelope and signature validation as follows:
Each request that your endpoint receives is wrapped in an envelope with metadata and signed.
The payload that your endpoint receives is in JSON web token (JWT) format, with the following structure:
The metadata
in the envelope is common to all service plugin endpoints, although some attributes may only appear in specific endpoints.
The envelope attributes are:
requestId
- A unique identifier of the request. You may print this ID to your logs to help with future debugging and easier correlation with Wix's logs.instanceId
- The service provider app's instance ID.currency
- ISO 4217 3-letter currency code.languages
- A string that represents the country and language in which the response from the service provider is expected to be returned in concatenated ISO 639-1: 2 Alpha language-code and ISO 3166-1: 2 Alpha country-code format, such as "en-US"
.identity
- An object that describes the identity that triggered this request, with the following structure:As explained above, the request payload is a signed JWT. To avoid an attack where a malicious 3rd party is sending you requests pretending to come from Wix, you must verify the JWT, as follows:
aud
claim matches your application ID.iss
claim is set to wix.com
.iat
claim is set to a timestamp before the current timestamp on your server.exp
claim is set to a timestamp after the current timestamp on your server.We recommend that you use a standard library to parse and validate the JWT. There are libraries available for all popular languages. Check out the official JWT site.
Follow these steps to add a service plugin to your app.
Select an app from the Custom Apps page in your Wix Studio workspace.
Go to the Extensions page, and click + Create Extension.
Filter by tag, or search to find the extension you want to add.
Select the relevant extension and click + Create.
In the JSON editor, configure the parameters by referencing the Documentation section on the right side of the page. For each parameter, add the parameter name and value in the JSON editor.
Click Save.
Note: For some legacy service plugins, configuration might be managed elsewhere. Refer to the documentation of the specific service plugin you are implementing for instructions.
Some flows require you to send asynchronous events (webhooks) to Wix. These flows are documented in the service plugin reference. For an example, see the Payment Service Provider service plugin.
To report an event, you must call the endpoint that appears in the service plugin reference and send the required payload.
Every call must include an Authorization
header with an access token as its value.
Before you can obtain an access token, your app must have the appropriate permissions. To get these permissions, contact the Wix team mentioned in the specific documentation and confirm that your app has the necessary permission.
To obtain an access token, send a POST
request to this endpoint:
Include this header:
The body of the request must be a JSON object with following format:
You can find your app ID and secret key in the OAuth page in your app's dashboard.
The response to the request has a body with the following format:
Use the value for access_token
as the value for the Authorization
header in your event requests.
Notes:
"grant_type"
values can't be used to send webhooks.