About Elevated Permissions

When you use site visitor, site member, or Wix user authentication, you can only make calls to APIs that allow calls from those identity types. In some app workflows, you may be making API calls with site visitor or site member authentication, but occasionally need to call APIs that require the elevated level of a Wix app identity for authentication. This can happen when coding in a frontend environment such as a site extension or a dashboard extension.

For example, if an app includes a site widget, most of the API calls made from the extension are probably APIs that can be called with site visitor or member authentication. One such call might be a call to createBooking() to create a booking for the current visitor or member. However, the app may also need to call related APIs that require Wix app authentication. One such call might be a call to confirmBooking(), which cannot be called when authenticating as a visitor or member.

In these cases, you can use the SDK to elevate the permissions of specific API calls in your workflow to use Wix app authentication. Elevating permissions for specific API calls allows you to move seamlessly between authentication types within your app's code. You can elevate the permissions for an API call by sending an authenticated request to an endpoint exposed in your app's backend code. The backend code uses the SDK to make an elevated API call and returns the response to your frontend. You can only use the SDK to elevate permissions in your app's backend code. The way that you use the SDK to elevate permissions depends on whether your app's backend is using the Wix CLI or self-hosting.
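The flow described above, modelled end to end as an added example (not Wix's code and not the SDK's API): `elevate`, the in-memory booking store and `handleConfirmRequest` are hypothetical stand-ins. The ownership check made before elevating is an assumption about what the backend endpoint should verify, since the elevated call runs as the app and no longer carries the caller's identity.

```javascript
// Constructed sample data standing in for the bookings the site holds.
const bookings = new Map([
  ["b-1", { id: "b-1", ownerId: "member-A", status: "CREATED" }],
  ["b-2", { id: "b-2", ownerId: "member-B", status: "CREATED" }],
]);

// Models an API that only accepts the app identity, like confirmBooking()
// in the text. Hypothetical signature: the real call takes no identity arg.
function confirmBooking(identity, bookingId) {
  if (identity.type !== "app") throw new Error("PERMISSION_DENIED");
  const booking = bookings.get(bookingId);
  if (!booking) throw new Error("NOT_FOUND");
  booking.status = "CONFIRMED";
  return booking;
}

// Hypothetical stand-in for the SDK's elevation wrapper: returns a function
// that makes the same call with the app identity instead of the caller's.
const elevate = (fn) => (...args) => fn({ type: "app" }, ...args);

// Backend endpoint. `caller` is the identity derived from the authenticated
// request by the platform, never a value read from the request body.
function handleConfirmRequest(caller, body) {
  if (!caller || !["member", "visitor"].includes(caller.type)) {
    return { status: 401, error: "unauthenticated" };
  }
  const booking = bookings.get(String(body.bookingId));
  // Authorize against the resource before elevating. Missing and foreign
  // bookings get the same answer so ids cannot be probed.
  if (!booking || booking.ownerId !== caller.id) {
    return { status: 403, error: "forbidden" };
  }
  if (booking.status !== "CREATED") {
    return { status: 409, error: "booking is not awaiting confirmation" };
  }
  // Elevate only this one call, with an id the server has already checked.
  const confirmed = elevate(confirmBooking)(booking.id);
  // Return only the fields the frontend needs, not the raw elevated response.
  return { status: 200, booking: { id: confirmed.id, status: confirmed.status } };
}
```

Keeping the endpoint limited to one operation on one verified resource keeps the elevated permission from becoming a general-purpose proxy for the frontend.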
