Go Headless

Build Apps

Client

API Preview

test

Ricos

Develop Websites

REST

Velo

GraphQL (Alpha)

# Permissions

By default, site visitors can see only public information for
[schedules](fallback::https://dev.wix.com/docs/rest/business-management/calendar/schedules-v3/introduction)
and [events](fallback::https://dev.wix.com/docs/rest/business-management/calendar/events-v3/introduction).
They can't access any personal information. For your app, you can choose the
[permission scopes](fallback::https://dev.wix.com/docs/build-apps/develop-your-app/access/authorization/about-permissions)
that give the necessary access and request which data is returned in each method
of the [Schedules](fallback::https://dev.wix.com/docs/rest/business-management/calendar/schedules-v3/introduction)
and [Events](fallback::https://dev.wix.com/docs/rest/business-management/calendar/events-v3/introduction)
APIs.

## Retrieve personal information

Use the `field` parameter in requests for the Schedules and Events APIs to
customize which fields are included in the response.

| Value passed in `field` | Returned fields and values |
|--------------------------|----------------------------|
| `null` or not provided    | Only non-personal fields are returned. For a list of fields considered personal, see [Events: Fields with personal information](fallback::#events-fields-with-personal-information) and [Schedules: Fields with personal information](fallback::#schedules-fields-with-personal-information). |
| `PI_FIELDS`              | Returns complete objects, including all values. <br/> Requires the `Read Calendars - Including PI` [permission scope](fallback::https://dev.wix.com/docs/build-apps/develop-your-app/access/authorization/configure-permissions-for-your-app). |
| `OWN_PI_FIELDS`          | Returns complete objects, but excludes personal information of anyone other than the caller's [identity](fallback::https://dev.wix.com/docs/build-apps/develop-your-app/access/about-identities) from the returned values. |

### Events: Fields with personal information

In methods of the [Events API](fallback::https://dev.wix.com/docs/rest/business-management/calendar/events-v3/introduction),
the following fields aren’t returned by default:

+ `participants`
+ `conferencingDetails`
+ `notes`
+ `location.name` and `location.address` (if `location.type` is set to `CUSTOMER`)

These fields are only returned if you set `fields` to `PI_FIELDS` or `OWN_PI_FIELDS`
and your app has the necessary permissions.

### Schedules: Fields with personal information

In methods of the [Schedules API](fallback::https://dev.wix.com/docs/rest/business-management/calendar/schedules-v3/introduction),
the following fields aren’t returned by default:

+ `defaultConferencingDetails`
+ `defaultLocation.name` and `defaultLocation.address` (if `defaultLocation.type` is set to `CUSTOMER`)

These fields are only returned if you set `fields` to `PI_FIELDS` or `OWN_PI_FIELDS`
and your app has the necessary permissions.

## Roles

For both [schedules](fallback::https://dev.wix.com/docs/rest/business-management/calendar/schedules-v3/schedule-object)
and [events](fallback::https://dev.wix.com/docs/rest/business-management/calendar/events-v3/event-object),
you can assign roles to [Wix users](fallback::https://dev.wix.com/docs/build-apps/develop-your-app/access/about-identities#wix-users)
giving them specific access to the relevant entity.

This table summarizes permission roles and their access levels:

| Role     | Access Level                             |
|----------|------------------------------------------|
| `WRITER` | Full read and write access.              |
| `COMMENTER` | Full read access, write access limited to `event.notes`. |

### Roles for schedules

To grant a Wix user access to a
[schedule](fallback::https://dev.wix.com/docs/rest/business-management/calendar/schedules-v3/schedule-object),
include the relevant ID in `schedule.permissions.identity.wixUserId` and specify their
role in `schedule.permissions.role`.

### Roles for events

You can assign access levels to
[Bookings staff members](fallback::https://dev.wix.com/docs/rest/business-solutions/bookings/staff-members-and-resources/about-staff-members-and-resources)
associated with an event by specifying their role in the
`event.resources.permissionRole` field. By default, Bookings staff members don't
have access to [classes](fallback::https://dev.wix.com/docs/rest/business-solutions/bookings/terminology#class)
they conduct, as the schedule is linked to the service rather than the individual
staff member.

To check which additional Wix users have access to the
[event](fallback::https://dev.wix.com/docs/rest/business-management/calendar/events-v3/event-object),
refer to the `event.permissions.identity.wixUserId` field along with the
corresponding `event.permissions.role`.

Value passed in `field`	Returned fields and values
`null` or not provided	Only non-personal fields are returned. For a list of fields considered personal, see Events: Fields with personal information and Schedules: Fields with personal information.
`PI_FIELDS`	Returns complete objects, including all values. Requires the `Read Calendars - Including PI` permission scope.
`OWN_PI_FIELDS`	Returns complete objects, but excludes personal information of anyone other than the caller's identity from the returned values.