Some Wix SDK methods return 403 Forbidden when called with a visitor or member context. This usually happens when the method needs higher permissions than the current identity has.
For example, you have a function that returns the 403 error:
In Wix-managed headless projects, fix this by moving the method call to an HTTP endpoint and wrapping the SDK method with auth.elevate(). This way the frontend calls the HTTP endpoint, and the endpoint calls the protected API on the backend.
Notes:
Create an HTTP endpoint in your project, for example:
src/pages/api/upload-image.tsIn your endpoint file, import:
APIRoute from astroauth from @wix/essentialsExpose an endpoint that calls the API method you need:
Wrap the method with auth.elevate() before calling it:
From frontend code, send a request to your endpoint:
Note: This example is applicable for headless projects only. To call the endpoint in apps, see Elevate API Call Permissions.