Authentication Strategies


To call Wix APIs from your Headless site or app, your requests must be authenticated. There are 2 authentication strategies you can implement when working with Wix APIs.

Visitor and Member OAuth

Use this strategy if you are creating a site or app for use by anonymous visitors or logged-in members.

With Visitor and Member OAuth, your site or app can recognize individual visitors and members and access their data. Operations that access or manage information relating to a current site visitor, such as adding items to the current visitor's cart, require Visitor and Member OAuth.

Example: An online store that handles products, orders, and checkouts.

To get started with this authentication strategy, create an OAuth app.

Admin API Key

Use this strategy if you are creating a site or app that requires administrative access to a Wix site or project's data.

With a Wix API key, you can grant a custom set of permissions to a site or app for accessing or managing business data, including members, orders, products, events, bookings, and more.

Administrative operations at the site or account level, such as creating or deleting members, managing orders for any site visitor, or creating a product, require an API key.

Example: A custom dashboard app for managing a Wix site or project and its member data.

You can also use this strategy to perform non-admin tasks as long as you are doing so in a secure environment where your API key will not be exposed.

Example: Querying products or events from your site or app backend.

To get started with this authentication strategy, generate an API key.
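The "secure environment" condition above can be enforced with a small backend layer that attaches the API key itself and exposes only an allowlist of non-admin reads to the browser. The following is an added example, not Wix code: the function names, the `WIX_API_KEY` and `WIX_SITE_ID` environment variables, the endpoint path, header names, and request and response shapes are assumptions to check against the Wix REST reference.

```javascript
// Added example (not Wix code): server-side layer that keeps the admin API key
// out of the browser. Base URL, path, header names and body shape are assumptions.
const WIX_BASE = "https://www.wixapis.com"; // assumed base URL

// Only these non-admin reads are reachable from the client. Anything else,
// including every write, never has the API key attached.
const ALLOWED_OPS = {
  listProducts: { method: "POST", path: "/stores/v1/products/query" }, // assumed path
};

function buildUpstreamRequest(op, clientParams, env) {
  // Own-property check so names like "constructor" cannot match the allowlist.
  const allowed = Object.prototype.hasOwnProperty.call(ALLOWED_OPS, op);
  if (!allowed) throw new Error("operation not allowed: " + op);
  if (!env.WIX_API_KEY || !env.WIX_SITE_ID) {
    throw new Error("missing WIX_API_KEY or WIX_SITE_ID");
  }
  const route = ALLOWED_OPS[op];
  // Clamp client-controlled paging; never forward client-supplied URLs or headers.
  const limit = Math.min(Math.max(parseInt(clientParams.limit, 10) || 20, 1), 50);
  return {
    url: WIX_BASE + route.path,
    method: route.method,
    headers: {
      "Content-Type": "application/json",
      Authorization: env.WIX_API_KEY, // secret is read and used only on the server
      "wix-site-id": env.WIX_SITE_ID, // assumed header name
    },
    body: JSON.stringify({ query: { paging: { limit } } }), // assumed body shape
  };
}

// Return only the fields the storefront needs, so extra upstream fields or
// error bodies are never echoed back to the browser.
function toClientResponse(upstreamJson) {
  const products = Array.isArray(upstreamJson.products) ? upstreamJson.products : [];
  return { products: products.map((p) => ({ id: p.id, name: p.name })) };
}

// Entry point for a backend route handler; fetchImpl is injectable for testing.
async function handleClientCall(op, clientParams, env = process.env, fetchImpl = fetch) {
  const req = buildUpstreamRequest(op, clientParams, env);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error("upstream error " + res.status); // status only, no body
  return toClientResponse(await res.json());
}
```

Operations that act on behalf of the current visitor or member still belong under Visitor and Member OAuth; this layer covers only backend reads made with the API key.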
