Using the HTTP API


The HTTP API allows you to send and receive requests from your server to Wix.

How Does it Work?

Every call to the HTTP API shares a common entry point:

To enable Wix to identify the site and application calling the HTTP API, all HTTP calls must be authenticated. Wix uses an HMAC scheme and requires HTTPS to ensure the integrity and authenticity of each request.

When issuing a HTTP request, your request must be signed with your secret key, and include the request parameters either as query parameters or as headers.

Request Parameters

Every call is sent with a digital signature in the x-wix-signature header, for authentication purposes.

To encode the signature:

  1. Sort all request parameters by parameter name (in ascending alphanumeric order) and concatenate their values with only a line break (n) as a separator. The request parameters include the following:
    a. Query parameters, all except for the signature parameter
    b. All headers with the prefix x-wix-, except the x-wix-signature header. For multivalue parameters, values should be trimmed and concatenated using a comma (,).
  2. Concatenate, in the following order, and separate by a line break (n)
    a. HTTP method, converted to uppercase
    b. HTTP request’s URL path, without the host
    c. All values from the sorted request parameters (the output of #1)
    d. The request body
  3. Compute the HMACSHA-256 of the combined information using your app secret key.
  4. Encode the hash to a Base64 string.
  5. Add the signature as the query parameter signature or as the x-wix-signature header.
Working with Data

For endpoints that return large amounts of data, the HTTP API employs a technique called cursoring to navigate large sets of data. Cursoring separates result data into pages of a fixed size and provides a way to move forwards and backwards through these pages.

For initial calls to APIs that support cursors, it is possible to either omit the cursor parameter or to pass a cursor with the value of -1. Each call to a cursoring-enabled endpoint will return a JSON object that includes a cursor to the previous page, a cursor to the next page and an array containing the data for the current page. If either the next or previous page does not exist, the value of the cursor will be 0.

All cursors are associated with the initial data request and expire within 30 minutes.

Data cursor:


All API errors from the HTTP API use standard HTTP error codes, as well as a JSON response containing information relevant to the error.

Wix API Error Example

 Standard API Errors

HTTP Error CodeDescriptionArea 

Was this page helpful?

What can we do to improve it?

What did you like about it?