In workflows that use mostly site visitor, site member, or Wix user authentication, you may occasionally need to make calls with elevated permissions. You can use the JavaScript SDK to provide specific calls with Wix app authentication.
The process involves two steps:
Important: Exposed elevated function calls create a security risk for privilege escalation attacks. Make sure to protect your exposed function calls with the appropriate logic.
To elevate permissions for API calls:
The first step is to set up your app's backend to handle requests for elevated function calls from your frontend.
To set up your backend:
api.ts
file in your CLI project, import the auth
submodule from @wix/essentials
as well as the module containing the function that you want to make elevated calls to.
1
auth.elevate()
before calling it.
1
Next, send authenticated requests from your site's frontend code to your backend endpoint.
To send requests:
httpClient
submodule from the @wix/essentials
package.fetchWithAuth
. This function automatically signs API calls with an authorization header that identifies the current site visitor, site member, or Wix user.
1
fetchWithAuth()
.1