> Portal Navigation: > > - Append `.md` to any URL under `https://dev.wix.com/docs/` to get its markdown version. > - Pages are either content pages (article or reference text) or menu pages (a list of links to child pages). > - To get a menu page, truncate any URL to a parent path and append `.md` (e.g. `https://dev.wix.com/docs/sdk.md`, `https://dev.wix.com/docs/sdk/core-modules.md`). > - Top-level index of all portals: https://dev.wix.com/docs/llms.txt > - Full concatenated docs: https://dev.wix.com/docs/llms-full.txt ## Resource: Fix 403 Errors for API Calls ## Article: Fix 403 Errors for API Calls ## Article Link: https://dev.wix.com/docs/go-headless/develop-your-project/wix-managed-headless/authentication/fix-403-errors-for-api-calls.md ## Article Content: # Fix 403 errors for API calls Some Wix SDK methods return `403 Forbidden` when called with a visitor or member context. This usually happens when the method needs higher permissions than the current identity has. For example, you have a function that returns the 403 error: ```ts const createdItem = await items.insert("uploadedimages", { _id: crypto.randomUUID(), imageTitle: "Example title", uploaderName: "Example uploader" }); ``` In Wix-managed headless projects, fix this by moving the method call to an [HTTP endpoint](https://dev.wix.com/docs/wix-cli/guides/development/http-endpoints/add-http-endpoints-to-your-project.md) and wrapping the SDK method with [`auth.elevate()`](https://dev.wix.com/docs/sdk/core-modules/essentials/auth.md#elevate). This way the frontend calls the HTTP endpoint, and the endpoint calls the protected API on the backend. > **Notes:** > - To determine whether a method requires elevation, check that method's [reference documentation](https://dev.wix.com/docs/api-reference?apiView=SDK.md). > - In self-managed headless use [API keys](https://dev.wix.com/docs/api-reference/articles/authentication/api-keys/about-api-keys.md). ## Step 1 | Create a backend endpoint Create an [HTTP endpoint](https://dev.wix.com/docs/wix-cli/guides/development/http-endpoints/add-http-endpoints-to-your-project.md) in your project, for example: - `src/pages/api/upload-image.ts` ## Step 2 | Import modules In your endpoint file, import: - `APIRoute` from `astro` - `auth` from `@wix/essentials` - The SDK module that contains the method you need ```ts import type { APIRoute } from "astro"; import { auth } from "@wix/essentials"; import { items } from "@wix/data"; ``` ## Step 3 | Wrap the SDK method Expose an endpoint that calls the API method you need: ```ts export const POST: APIRoute = async () => { const createdItem = await items.insert("uploadedimages", { _id: crypto.randomUUID(), imageTitle: "Example title", uploaderName: "Example uploader", }); return new Response(JSON.stringify(createdItem)); }; ``` Wrap the method with `auth.elevate()` before calling it: ```ts export const POST: APIRoute = async () => { const elevatedInsert = auth.elevate(items.insert); const createdItem = await elevatedInsert("uploadedimages", { _id: crypto.randomUUID(), imageTitle: "Example title", uploaderName: "Example uploader", }); return new Response(JSON.stringify(createdItem)); }; ``` ## Step 4 | Call the endpoint from your frontend From frontend code, send a request to your endpoint: ```ts async function uploadImage(payload) { const response = await fetch("/api/upload-image", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(payload), }); const result = await response.json(); } ``` >**Note:** This example is applicable for headless projects only. To call the endpoint in apps, see [Elevate API Call Permissions](https://dev.wix.com/docs/wix-cli/guides/about-the-wix-cli.md). ## See also - [Elevate API Call Permissions](https://dev.wix.com/docs/wix-cli/guides/about-the-wix-cli.md) - [About Elevated Permissions](https://dev.wix.com/docs/api-reference/articles/authentication/about-elevated-permissions?apiView=SDK.md) - [About HTTP Endpoints](https://dev.wix.com/docs/wix-cli/guides/development/http-endpoints/about-http-endpoints.md)