The OAuth 2 API allows your app to manage tokens that you can use to authenticate Wix API calls. By default, OAuth authentication follows the OAuth Client Credentials protocol.
With the OAuth 2 API, you can:
Learn more:
It's important to note the following points before starting to code:
"authorization"
header to make authenticated calls to Wix APIs. All Wix access tokens are of type "Bearer"
. Learn more about access token types.Creates your app’s refresh token and an initial access token.
Important: This endpoint is relevant only for custom authentication (legacy). It isn’t relevant for OAuth.
Wix sends your app the authorization code after a new user has completed the installation process and given your app permission to access their data.
You must pass the authorization code, your app ID, your app’s secret key, and {“grant_type”: “authorization_code”}
to create the refresh token and an initial access token.
Request type. You must pass "authorization_code"
to request a custom authentication (legacy) refresh token and an initial access token.
Your app ID, as defined in the Wix Dev Center.
Your app's secret key ID, as defined in the Dev Center.
The authorization code that your app has received from Wix
curl -X POST \
'https://www.wixapis.com/oauth/access' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "authorization_code",
"client_id": "<APP_ID>",
"client_secret": "<APP_SECRET_KEY>",
"code": "<AUTH_CODE>"
}'
{
"access_token": "<SAMPLE_ACCESS_TOKEN>",
"refresh_token": "<SAMPLE_REFRESH_TOKEN>"
}
Creates a new access token.
Important: This endpoint is relevant only for custom authentication (legacy). For OAuth, use Create Access Token.
You must pass your app ID, your app’s secret key, the refresh token, and {“grant_type”: “refresh_token”}
to create a new access token.
Request type. You must pass "refresh_token"
to request a new access token when using custom authentication (legacy).
Your app ID, as defined in the Wix Dev Center.
Your app's secret key ID, as defined in the Dev Center.
Your app instance’s refresh token.
Your app instance’s refresh token that never expires. Identical to the one that you’ve sent in the request.
Created access token that you can use to make Wix API calls. It expires after 5 minutes.
curl -X POST \
'https://www.wixapis.com/oauth/access' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "refresh_token",
"client_id": "<APP_ID>",
"client_secret": "<APP_SECRET_KEY>",
"refresh_token": "<REFRESH_TOKEN>"
}'
{
"access_token": "<SAMPLE_ACCESS_TOKEN>",
"refresh_token": "<SAMPLE_REFRESH_TOKEN>"
}
Creates an access token.
Important: This endpoint is relevant for OAuth only. For custom authentication (legacy), use Refresh an Access Token.
The endpoint accepts raw HTTP requests. You must pass the request's body
parameters formatted as bytes in the raw HTTP request's body
field,
following this template:
{"grant_type": "client_credentials", "client_id": "<APP_ID>", "client_secret": "<APP_SECRET_KEY>", "instance_id": "<INSTANCE_ID>"}
.
When the call succeeds, Wix returns {"statusCode": 200}
and the created access
token in the body
field of the raw HTTP response.
In case the call fails, Wix returns the relevant 4XX
error code in the raw
HTTP response's statusCode
field and details
about the error in body
. Error details follow the
conventions of the Internet Engineering Task Force (IETF).
Request type. You must pass "client_credentials"
to request a new access token when using basic OAuth.
Your app ID, as defined in the Wix Dev Center.
Your app's secret key ID, as defined in the Dev Center.
The instance ID of your app for which you want to create the access token. Subscribe to the Instance App Installed webhook to receive a notification including the new app instance ID whenever a version of your app is installed on a Wix site.
Created access token.
Type of the created access token. Always ”Bearer”
. Learn more about access token types.
Time the access token expires in seconds. Always 14400
(4 hours).
curl -X POST 'https://www.wixapis.com/oauth2/token' -H 'Content-Type: application/json' -d '{
"grant_type": "client_credentials",
"client_id": "<APP_ID>",
"client_secret": "<APP_SECRET_KEY>",
"instance_id": "<APP_INSTANCE_ID>"
}'
{
"access_token": "<SAMPLE_ACCESS_TOKEN>",
"token_type": "Bearer",
"expires_in": 14400
}
Retrieves information about a specific access token.
Access tokens are specific to a subject and a client. A client (app) creates and issues an access token to a subject. The client may request a valid token from a subject to perform a certain action, such as an API call.
This endpoint works with both OAuth and custom authentication tokens.
Access token.
Whether the token is active.
Type of subject to which the token is issued.
ID of the subject to which the token is issued.
Token expiration timestamp.
Token issue timestamp.
ID of the app that created the token, as defined in the Wix Dev Center.
ID of the account that created the token, as defined in the Wix Dev Center.
ID of the site to which the token is issued.
The instance ID of the app that the access token was created for. Subscribe to the Instance App Installed webhook to receive a notification including the new app instance ID whenever a version of your app is installed on a Wix site.
curl -X POST ֿ
'https://www.wixapis.com/oauth2/token-info'
-d '{
"token": "OauthNG.JWS.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
}'
{
"active": "true",
"subjectType": "APP",
"subjectId": "a8098c1a-f86e-11da-bd1a-00112444be1e",
"exp": "1715096067",
"iat": "1715081667",
"clientId": "7f58c233-72b6-4e45-889c-56aca8dbb2ba",
"siteId": "65c5e710-5e64-4b54-a807-237a554d28a7",
"instanceId": "1ec48d1e-1919-4b9f-8e08-f7a242fdbf52"
}