While building an app, you often need to use your own APIs, employ third-party APIs, and work with a database.
In order to do these things in a secure manner, you need to create your own backend. You can use any server technology you want to create a backend that integrates with your Wix CLI app.
There are a few things you need to keep in mind when implementing your backend:
When making HTTP requests from your app code to your backend, you need to make sure that your backend allows those requests. Your app frontend code is hosted on the Wix App CDN. The app is served from its own wix.run subdomain. To allow your app frontend code to make HTTP requests to your backend, you need to allow CORS requests from your frontend's domain.
Add the following headers to your backend's HTTP responses to allow CORS requests from your app.
Replace <your-app-id> with your app's ID. You can find it in your app's dashboard. Also, only allow the HTTP methods that your app requires.
To enable local development, you also need to allow CORS requests from localhost:5173 or, preferably, from all origins with localhost.
Once you expose a backend API to make it available for your app, you need to make sure that requests to your API are coming from your app and not from malicious users.
For a detailed guide on how to do this, see Authenticate Incoming Requests to Your Backend.
As described in the guide above, when an app sends a request to your server it must include an instance string containing an instanceId, This is the unique ID of the current instance of your app, and can be used to differentiate between the multiple instances of your app when they make requests to the server.