OAuth Apps: Sample Use Cases & Flows

This article shares some possible use cases your app could support, as well as a sample flow that could support each use case. This can be a helpful jumping off point as you plan your app's implementation.

Connect a custom template on any platform to an existing Wix project

You can create a frontend template, on an external platform, that takes advantage of business solutions on a Wix project.

For any external app or site to access a Wix project's data, it must be authorized in advance by creating an OAuth app. To enable project owners to connect a site or app built on your template to their existing Wix project data, follow these steps:

  1. Create a template on any platform and integrate API calls from the Wix JavaScript SDK to access and manage business solutions in a Wix project.
  2. Create a Wix app that a project owner can install.
  3. Make sure your app requests the Manage OAuth Apps permission scope.
  4. Obtain the domain name for the deployment of the site or app built on the template.
  5. In your app code, call Create OAuth App. Specify a name and optional description that identify the client clearly. In the allowedDomains array, provide the deployment domains from the previous step.
  6. Store the returned OAuth app's id securely.
  7. Assign the ID to a secure environment variable in the template code. The template can now access the Wix project's data.

Change allowed redirect domains for an external client app or site

Whenever an external client redirects a user to Wix for authentication, the client provides a URL for Wix to redirect the user back to after authentication. To ensure security, Wix only redirects the user if the domain has been approved in advance in the OAuth app's settings. To update an external client's approved URLs, follow these steps:

  1. Make sure you have the OAuth app ID for the external client.
  2. Obtain a complete list of domains to approve for the external site or app.
  3. Call Update OAuth App with the OAuth app ID as a path parameter. Pass all approved domains in the oAuthApp.allowedDomains body parameter, and pass ["allowedDomains"] in the mask.paths body parameter.
  4. The external app or site can now provide any redirect URL from the updated list.

Prevent an existing client app or site from connecting to a Wix project

To prevent a client site or app from accessing a Wix project's data, you can disable its permissions by deleting the OAuth app it connects through. To delete the OAuth app, follow these steps:

  1. Obtain the OAuth app ID used by the client app or site.
  2. Call Delete OAuth App with the OAuth app ID as a path parameter.
  3. The client app or site can no longer connect to the Wix project. If you wish to reactivate its connection in future, create a new OAuth app with Create OAuth App and update the OAuth app ID used in the client app or site code.
Was this helpful?