Note: This article is only relevant for self-managed headless projects.
This article explains how to implement Wix-managed member login using the JavaScript SDK.
You'll learn how to:
A Wix login page is the simplest way to set up member authentication, as Wix handles the user experience and authentication process. However, you can't change the look and feel of the Wix login page. If you need a custom-branded login experience, create a custom login page or use an external identity provider.
Note: Wix login pages use the OAuth 2.0 protocol with PKCE (Proof Key for Code Exchange) for secure authentication. If you're new to these concepts, see OAuth 2.0 and PKCE explained.
To authenticate and interact with Wix APIs, create a Wix client in your code. Install and import any relevant APIs, such as the Stores Product API.
For example:
Replace <YOUR_CLIENT_ID> with your OAuth app's Client ID from your Headless Settings.
Use your Wix client to generate the data needed for the OAuth flow.
The method takes the following 2 parameters:
The method returns an object with the following properties, used for OAuth 2.0 with PKCE (Proof Key for Code Exchange) security:
codeVerifier for PKCE.Example:
Store the OAuth data securely for use after login. For example, use localStorage or a cookie:
To redirect members to the Wix login:
Request the login URL from your Wix client:
Important: For this request to succeed, you must publish the Wix site connected to your headless project. Wix uses the published site to display the login page. To do this, open your project dashboard, select Design Site from the left panel, and then click Publish.
Redirect the member to the Wix login page:
This redirects site members to the Wix login page, where Wix handles the login process.
Once members log in, Wix redirects them to the redirect URI you specified along with information you can use to confirm the login and generate member tokens for frontend API calls.
If the login was successful, the page's URL contains a fragment that includes code= and state=. If the login failed, the URL contains a fragment that includes error= and error_description=. When the page loads, check for these fragments. If they exist, call a handler function to perform the token exchange.
In your handler function:
Retrieve the stored OAuth data:
Parse the page's URL:
Exchange the code for tokens:
The returned tokens object includes:
Set the tokens on your Wix client to authenticate API calls as the logged-in member:
Access tokens expire after a short time for security reasons. When this happens, you can use a refresh token to request a new access token without asking the member to log in again.
Your API layer should handle this automatically. Set up your logic to detect when an access token has expired, use the refresh token to get a new one, and then retry the original request.
Tip: Don't expose refresh tokens to the browser. For best security, handle token refresh on the server.
To log a member out:
Get the logout URL from your Wix client:
Redirect the member to the logout URL:
This logs the member out and redirects them back to your app.
If you encounter issues with a Wix login page, make sure that:
redirectUri parameter passed to generateOAuthData() is listed in your allowed authorization redirect URIs, and that the values match exactly.