When you use site visitor, site member, or Wix user authentication, you can only make calls to APIs that allow calls from those identity types. In some workflows, you may be making API calls with site visitor or site member authentication, but occasionally need to call APIs that require an elevated level of permissions for authentication, such as Wix user or Wix app.
The use cases for elevating permissions are different for building apps to developing websites.
When building apps, calls to Wix APIs can be restricted based on user identity.
For example, if an app includes a site widget that manages bookings, most of the API calls made from the extension are probably APIs that can be called with site visitor or member authentication. However, the app may also need to call APIs which cannot be called when authenticating as a visitor or member, such as confirmBooking()
. Calls to these APIs require elevation.
Learn more about elevation when building apps.
When developing websites, calls to Wix APIs can be restricted based on user identity or roles and permissions.
For example, if a page on a site manages bookings, it may need to call confirmBooking()
. Only a Wix user with an administrative bookings role can call this method. Therefore, calls to this method from a page's code require elevation.
Learn more about elevation when developing websites.