About the Secrets API

The Secrets API contains functionality for managing secrets on a site. Secrets managed by this API are available in the Secrets Manager section of a site's dashboard. You can securely store API keys and other secrets on a site. Each secret's value is encrypted and assigned a name of your choice and an ID. You can then use the name or ID to refer to the secret in your backend code rather than hardcoding its value.

Learn more about the Secrets Manager.

With the Secrets API, you can safely:

  • Create a secret.
  • Delete a secret.
  • Update a secret.
  • Retrieve a secret value.
  • Retrieve other information about your secrets, such as their names and descriptions.

Before you begin

It's important to note the following:

  • Before you can create or manage secrets with the Secrets API on a site, the site must have the Wix Members Area app installed. The Members Area isn't required to retrieve secrets with the Get Secret Value method.
  • Deleting a secret, or modifying a secret's name or value, breaks all code using the secret.
  • You can't create or rename a secret with a name that's already in use.

Security considerations

  • If you currently have private keys hardcoded in your code, we recommend removing them.
  • To prevent malicious users from accessing the values of your secrets, use them only in backend code. Avoid using secret values in frontend code.
  • When developing websites or using Blocks, don't call List Secret Info in a .web.js file with anonymous permissions. This is a serious security risk that exposes your secrets to potential leaks. To prevent this, call List Secret Info from a separate .js backend file, which frontend code can't access. If you must call List Secret Info in a .web.js file, make sure the exported function's permissions are set to Admin.

Use Cases

  • Get an API key and use it to fetch information from a weather service.
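The following is an added example, not code from the original page or from Wix: it puts the weather-service use case above together with the security considerations (secret values only in backend code, List Secret Info restricted to Admin). The Secrets API methods Get Secret Value and List Secret Info, the weather service, and the .web.js permission setting are all replaced by constructed stand-ins so the module runs stand-alone.

```javascript
// Constructed stand-in for the Secrets API: values live only in the store, never in source.
const SECRET_STORE = new Map([["WEATHER_API_KEY", "constructed-key-123"]]);
// Stand-in for Get Secret Value: resolves a secret by name at call time.
async function getSecretValue(name) {
  if (!SECRET_STORE.has(name)) throw new Error(`secret "${name}" not found`);
  return SECRET_STORE.get(name);
}
// Stand-in for List Secret Info: returns metadata only, never values.
async function listSecretInfo() {
  return [...SECRET_STORE.keys()].map((name) => ({ name, description: "" }));
}
// Constructed weather service: accepts the request only if the key matches.
async function fakeFetch(url) {
  const u = new URL(url);
  if (u.searchParams.get("key") !== SECRET_STORE.get("WEATHER_API_KEY")) {
    return { ok: false, status: 401, json: async () => ({}) };
  }
  return { ok: true, status: 200, json: async () => ({ city: u.searchParams.get("q"), tempC: 21 }) };
}

// Backend-only helper: fetches the key by name, uses it, and returns only the
// weather data. The key and the URL that carries it never leave this function.
async function getWeather(city, { getSecret = getSecretValue, fetchFn = fakeFetch } = {}) {
  const key = await getSecret("WEATHER_API_KEY");
  const url = `https://weather.example/v1/current?q=${encodeURIComponent(city)}&key=${encodeURIComponent(key)}`;
  const res = await fetchFn(url);
  if (!res.ok) throw new Error(`weather service returned ${res.status}`);
  const data = await res.json();
  return { city: data.city, tempC: data.tempC };
}

// Constructed permission gate standing in for a .web.js exported function's
// permission setting: Admin-only methods reject any caller who isn't an admin.
const Permissions = { Anyone: "Anyone", SiteMember: "SiteMember", Admin: "Admin" };
function webMethodGuard(required, handler) {
  return async (caller, ...args) => {
    const role = caller && caller.role;
    if (required === Permissions.Admin && role !== "Admin") throw new Error("forbidden");
    if (required === Permissions.SiteMember && role !== "Admin" && role !== "SiteMember") throw new Error("forbidden");
    return handler(...args);
  };
}

// Listing secret metadata is Admin-only; the weather lookup can be public
// because it exposes the result, not the secret.
const listSecretInfoForAdmins = webMethodGuard(Permissions.Admin, listSecretInfo);
const getWeatherForVisitors = webMethodGuard(Permissions.Anyone, getWeather);
```

Renaming or deleting WEATHER_API_KEY in the store makes getWeather throw at the lookup, which is the breakage the "Before you begin" section warns about.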

Terminology

  • Secret: Secrets are values that you don’t want to be publicly accessible, such as login credentials or API keys.
  • API key: An API key is a unique code used to authenticate a user or program when making a call to an API.