> Portal Navigation:
> 
> - Append `.md` to any URL under `https://dev.wix.com/docs/` to get its markdown version.
> - Pages are either content pages (article or reference text) or menu pages (a list of links to child pages).
> - To get a menu page, truncate any URL to a parent path and append `.md` (e.g. `https://dev.wix.com/docs/sdk.md`, `https://dev.wix.com/docs/sdk/core-modules.md`).
> - Top-level index of all portals: https://dev.wix.com/docs/llms.txt
> - Full concatenated docs: https://dev.wix.com/docs/llms-full.txt

## Resource: About the Astro Integration

## Article: About the Astro Integration

## Article Link: https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/about-the-astro-integration.md

## Article Content:

# About Wix's Astro Integration

Wix's Astro integration is the extra layer you get when you build a Wix-managed headless project with [Astro](https://astro.build/). On top of the managed infrastructure that every Wix-managed project gets, the integration adds two capabilities:

- **Automatic authentication**: Visitor sessions, member login, and token management are handled for you, so you can call [Wix JavaScript SDK](https://dev.wix.com/docs/sdk.md) methods directly with no client setup.
- **Extensions**: Add backend logic and dashboard UIs that run on Wix infrastructure.

If you [deploy your own existing frontend](https://dev.wix.com/docs/go-headless/get-started/quick-starts/wix-managed-headless/quick-start-from-your-own-frontend.md) instead, Wix still hosts and runs your site, but you create a client and set up authentication yourself like in [self-managed headless](https://dev.wix.com/docs/go-headless/self-managed-headless/authentication/about-authentication.md).

## Automatic authentication

When you create a project with the Astro integration, a [private app](#your-projects-private-app) is configured as your project's OAuth handler. Its credentials are stored as environment variables in your project, and the hosting infrastructure uses them to authenticate your API calls.

As a result, you don't need to:

- Create an OAuth app in the Wix dashboard.
- Set up a Wix client in your code.
- Generate, refresh, or store access tokens.
- Write session management logic.

You import a Wix SDK module and call its methods directly. For an example, see [Calling Wix APIs](#calling-wix-apis).

### Visitor sessions

Anonymous visitors are automatically authenticated with visitor-level permissions. The hosting infrastructure's session management middleware generates and manages visitor tokens in the background and persists session data using cookies, so:

- Visitors can add items to a shopping cart, and the cart persists across page views.
- Visitors can start a bookings flow and continue it on another page.
- Session data carries over as visitors navigate your site, without you writing any state management code.

This works out of the box for every project built with the Astro integration.

### Member login

For members who need to log in, the integration provides built-in login routes that handle the entire flow: redirecting to the Wix login page, exchanging tokens, and managing the authenticated session. You link to these routes from your frontend, and the integration takes care of the rest.

Once a member is logged in, their identity is available to subsequent API calls, enabling features like viewing order history, managing account settings, or accessing member-only content.

To learn how to add member login to your project, see [Handle Member Login Using Wix's Astro Integration](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/handle-member-login-using-wix-s-astro-integration.md).

## Calling Wix APIs

With authentication handled for you, calling a Wix API takes three steps: install the SDK package for the API you need, import it, and call the method.

For example, to retrieve a list of site members:

```ts
import { members } from "@wix/members";

const memberList = await members.listMembers();
```

You don't create a Wix client or pass tokens manually. This pattern works for any [Wix JavaScript SDK](https://dev.wix.com/docs/sdk.md) module. Browse the [Wix API Reference](https://dev.wix.com/docs/api-reference?apiView=SDK.md) to see what's available.

## Elevated permissions

Some SDK methods require higher permissions than the visitor or member making the request. For example, reading business data or other site-wide data may require app-level permissions. By default, your code runs with the current visitor's (or member's) permissions, so calling these methods returns a 403 Forbidden error, even from backend code, because the identity, not the location of the call, is what's missing the permission.

To raise permissions for a specific call, wrap the SDK method with [`auth.elevate()`](https://dev.wix.com/docs/api-reference/articles/authentication/about-elevated-permissions.md) so it runs with the app's permissions instead of the visitor's. Elevation can only run on the server, so the call must live in backend code, such as an [HTTP endpoint](https://dev.wix.com/docs/build-apps/develop-your-app/develop-an-app-with-the-cli/supported-extensions/backend/http-endpoints/about-http-endpoints.md).

For step-by-step instructions, see [Elevate API Call Permissions](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/elevate-api-call-permissions.md). For troubleshooting 403 errors, see [Fix 403 Errors for API Calls](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/fix-403-errors-for-api-calls.md).

## Extensions

Extensions let you run custom code and UIs on Wix infrastructure alongside your frontend. Use them to handle events like order placements, customize business logic, and build dashboard UIs. Each extension you add is registered to your project's [private app](#your-projects-private-app).

Extensions are available only with the Astro integration. They aren't currently supported when you deploy your own existing frontend.

To learn what you can build, see [About Extensions](https://dev.wix.com/docs/build-apps/develop-your-app/develop-an-app-with-the-cli/supported-extensions/about-extensions-in-the-wix-cli.md).

## Your project's private app

Both automatic authentication and extensions are powered by a private app that's configured for you when you create your project—you never set it up or manage it yourself. It serves two roles:

- **Authentication**: It acts as your project's OAuth handler, which is how API calls are authenticated automatically.
- **Extensions**: It's where your [extensions](#extensions) are registered. When you add an extension, it's added to this app.

The private app is tied to your project and can't be shared with other projects or published to the Wix App Market.

## See also

- [Handle Member Login Using Wix's Astro Integration](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/handle-member-login-using-wix-s-astro-integration.md)
- [Elevate API Call Permissions](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/elevate-api-call-permissions.md)
- [Fix 403 Errors for API Calls](https://dev.wix.com/docs/go-headless/wix-managed-headless/authentication/fix-403-errors-for-api-calls.md)
- [About Extensions](https://dev.wix.com/docs/build-apps/develop-your-app/develop-an-app-with-the-cli/supported-extensions/about-extensions-in-the-wix-cli.md)