OAuth Apps: Sample Use Cases & Flows

This article shares some possible use cases your app could support, along with a sample flow for each. Use them as a jumping-off point as you plan your app's implementation.

Connect a custom template on any platform to an existing Wix project

You can create a frontend template, on an external platform, that takes advantage of business solutions on a Wix project.

For any external app or site to access a Wix project's data, it must be authorized in advance by creating an OAuth app. To enable project owners to connect a site or app built on your template to their existing Wix project data, follow these steps:

  1. Create a template on any platform and integrate API calls from the Wix JavaScript SDK to access and manage business solutions in a Wix project.
  2. Create a Wix app that a project owner can install.
  3. Make sure your app requests the Manage OAuth Apps permission scope.
  4. Obtain the domain name for the deployment of the site or app built on the template.
  5. In your app code, call Create OAuth App. Specify a name and optional description that identify the client clearly. In the allowedDomains array, provide the deployment domains from the previous step.
  6. Store the returned OAuth app's id securely.
  7. Assign the ID to a secure environment variable in the template code. The template can now access the Wix project's data.

Change allowed redirect domains for an external client app or site

Whenever an external client redirects a user to Wix for authentication, the client provides a URL for Wix to redirect the user back to after authentication. To ensure security, Wix only redirects the user if the URL's domain has been approved in advance in the OAuth app's settings. To update an external client's approved domains, follow these steps:

  1. Make sure you have the OAuth app ID for the external client.
  2. Obtain a complete list of domains to approve for the external site or app.
  3. Call Update OAuth App with the OAuth app ID as a path parameter. Pass all approved domains in the oAuthApp.allowedDomains body parameter, and pass ["allowedDomains"] in the mask.paths body parameter.
  4. The external app or site can now provide any redirect URL from the updated list.
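
The following JavaScript sketch is an added example, not Wix code: it builds the Update OAuth App body described in step 3 and, before the update is sent, lists any redirect URLs the client uses that the new domain list would not cover. The helper names, the sample domains, and the assumption that domains are stored and compared as exact bare hostnames are illustrative; the HTTP call itself is omitted.

```javascript
// Added example: hypothetical helpers, not part of the Wix SDK.

// Reduce input such as "https://Shop.Example.com/cb" or "shop.example.com"
// to a bare lowercase hostname; reject anything that is not a plain host.
function normalizeDomain(input) {
  const raw = String(input).trim();
  const url = new URL(raw.includes("://") ? raw : `https://${raw}`);
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error(`unsupported scheme in ${input}`);
  }
  // "https://shop.example.com@evil.test" parses with host evil.test:
  // refuse userinfo instead of silently approving the wrong host.
  if (url.username || url.password) {
    throw new Error(`userinfo not allowed in ${input}`);
  }
  return url.hostname; // the URL parser lowercases and drops port and path
}

// Body for Update OAuth App, using the parameter names from step 3.
// The steps say to pass all approved domains, so the list is treated here
// as a full replacement (assumption): include every domain still in use.
function buildUpdateBody(domains) {
  const allowedDomains = [...new Set(domains.map(normalizeDomain))].sort();
  return { oAuthApp: { allowedDomains }, mask: { paths: ["allowedDomains"] } };
}

// Pre-flight check: redirect URLs whose host is not in the new list.
// Exact hostname match (assumed), so lookalike hosts are not covered.
function uncoveredRedirects(redirectUrls, body) {
  const allowed = new Set(body.oAuthApp.allowedDomains);
  return redirectUrls.filter((u) => {
    try {
      return !allowed.has(normalizeDomain(u));
    } catch {
      return true; // unparsable URLs count as not covered
    }
  });
}

// Constructed sample input.
const sampleBody = buildUpdateBody([
  "https://Shop.example.com/", "staging.example.com", "shop.example.com",
]);
const sampleUncovered = uncoveredRedirects([
  "https://shop.example.com/auth/callback",
  "https://shop.example.com.evil.test/cb",
  "https://preview.example.com/cb",
], sampleBody);
console.log(JSON.stringify(sampleBody), sampleUncovered);
```

An empty result from uncoveredRedirects means every redirect URL the client currently uses stays valid under the new list.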