Note: This article is only relevant for self-managed headless projects. Wix-managed headless projects handle this automatically.
After you set up an OAuth app for your site or app in your project dashboard, you can begin coding by getting OAuth tokens and using them to make API calls.
There are several ways to generate tokens. Which way you choose depends on the type of user you need tokens for and whether you use a Wix login page or a custom login for members.
- Visitors: To generate tokens for visitors who aren't logged into your site or app, see Handle Visitors.
- Members with a Wix login page: To generate tokens for logged in members using a Wix login page, see Handle Members with Managed Login.
- Members with a custom login page: To generate tokens for logged in members using a custom login page, see Handle Members with Custom Login.
When you generate tokens with any of the above methods, you get two tokens:
- Access token: Access tokens are used to authorize API calls. Every time you make an API call, you need to authorize the call using a valid access token. Access tokens are short-lived. They are valid for 4 hours from the time they are created.
- Refresh token: Refresh tokens are used to get new access tokens after your access tokens have expired. Refresh tokens are long-lived.
Once you have your tokens, you can use them to make API calls. Use the access token in the authorization header when making an API call.