About Identities

Each request to a Wix API is associated with a specific identity type, which determines access permissions. If a method has identity restrictions, the method reference will include a note specifying the allowed identity types. Different contexts also limit the identities that can make a given call. For example, apps can only make calls as apps, not as visitors or members.

Wix's identity types include:

Note: Additional identities are supported for app flows using the SDK.

Site visitor

An anonymous site visitor who hasn't logged in. Methods that can be called by this identity usually involve operations specific to a particular visitor. These include accessing a list of products, creating and managing a cart, or accessing a login page to authenticate as a member.

Context:

  • Headless flows can make calls as site visitors.

Site member

A site member who has logged in. Methods that can be called by this identity usually involve operations specific to a registered member. These include accessing or managing personal data.

Context:

  • Headless flows can make calls as site members.

Wix user

A Wix user is someone who is logged into their account on .wix.com. Users can be site owners or site collaborators, as well as app owners and collaborators who create test sites. Users who create a site are automatically designated as the owner of that site.

Methods that can be called by this identity usually involve site maintenance operations. These include managing site products, media, and marketing campaigns.

Site owners can invite collaborators and assign them specific user roles to control permissions. In this case, the methods that the app can access when making calls as a collaborator are limited by the collaborator's user roles.

Context:

Wix app

Wix apps are packages of reusable functionality that users can add to their sites. When an app is installed or updated on a Wix site, Wix generates an app instance with a unique ID. This ID represents the installed version of the app on that particular site. A call authenticated with the Wix app identity is a call made by an app for a specific app instance.

Methods that can be called by this identity usually involve site-level operations. These include managing the site's data collections, contacts, or products.

Each method requires certain permissions when called by a Wix App. To check which permissions a method requires, refer to its API reference.

Learn more about configuring app permissions.

Context:

  • Apps can make calls as apps.

API key admin

An admin with customized administrative access to a Wix account's sites and projects. API keys are created and managed in the API Keys Manager where site owners and co-owners can assign a set of permissions that determine the types of APIs each key can access.

Methods that can be called by this identity can involve administrative operations at the site or account level. These include managing members or business data.

Because API keys must be created by the site owners or co-owners, and passed manually to any developer who wants to use them, they aren't recommended for apps.

Context:

  • Headless flows can make calls as API key admins.
  • Site admin flows can make calls as API key admins.
  • Channel and Enterprise admin flows can make calls as API key admins.

Methods with restricted identities

By default, methods can be called using any identity. In cases when there are restrictions on which identities can call a method, one of the following notes appears in the reference:

Admin Method You can only call this method when authenticated as a Wix app or Wix user identity.

Note: Only logged-in members can call this method without elevated permissions. To call this method as a different identity, elevated permissions are required.

Did this help?