When you call a Wix API from your Headless project, it is called by a specific identity. The type of identity used to make the API call depends either on the access tokens or the API key you use to authenticate the call. When using the Wix JavaScript SDK, you use the tokens or API key to create a Wix client to make API calls. When using the REST API, you provide the tokens or API key for each call you make.
Some methods are restricted based on which identities are authorized to call them. Authorization notes in the SDK and REST references indicate when a method may be restricted by identity.
A Headless project can use the following identities:
Visitors are anonymous visitors to your Headless site or app. Methods that site visitors can call typically involve operations specific to their own experience on the site, such as:
Learn how to work with visitor authentication (SDK | REST).
Members are visitors who are logged in to your Headless site or app. They can call the same methods available to site visitors, plus additional methods that only apply to their site membership.
Learn how to work with members using:
When using an API key to authenticate, you can call methods with stricter authorization requirements. Examples of administrative methods you can call when using an API key are: