In order to handle site visitor sessions you need to generate, manage, and use visitor tokens. Use these tokens when making requests to Wix APIs on behalf of a visitor to maintain the visitor's session.
Generate new visitor tokens using the Token
endpoint.
When calling the Token
endpoint, send the following parameters:
clientId
: The client ID of the OAuth app your project is using.grantType
: Set as "anonymous"
to get visitor tokens.Note: You can also get tokens using URL-encoded data instead of JSON data.
The Token
endpoint responds with:
access_token
: An access token used to authorize API calls.expires_in
: The number of seconds before the access token expires. Access tokens expire after 4 hours (14,400 seconds).refresh_token
: A refresh token used to get a new access token.Once you have tokens, you can use them to make authenticated calls to APIs on behalf of the current visitor.
If you want to be able to restore the current session at some point later, store your visitor tokens locally, for example in localStorage
, a cookie, or a local file.
For example, after generating a visitor token, you can store it in a cookie with a max age of 4 hours. Then, before making API calls, try reading the token from the cookie.
To renew visitor tokens, call the Token
endpoint again, this time with the following parameters:
refresh_token
: The refresh token returned from the previous call to the Token
endpoint.grantType
: Set as "refresh_token"
to get renewed visitor tokens based off your current refresh token.The Token
endpoint responds with:
access_token
: An access token used to authorize API calls.expires_in
: The number of seconds before the access token expires. Access tokens expire after 4 hours (14,400 seconds).refresh_token
: A refresh token used to get a new access token.