The auth
submodule allows you to work with Wix authentication and permissions.
This submodule is not intended for use with self-hosted Apps.
elevate()
Creates a copy of a method with the elevated permissions required by the original method.
Some methods are restricted as to who can call them, based on identities and/or permissions. For example, the createProduct()
method can only be called by Wix users, while the confirmBooking()
method can only be called by site collaborators who have certain administrative bookings permissions.
Methods that have authentication restrictions are indicated by an authentication note in their descriptions.
When you need to call a method from a context without the necessary authentication or permissions, create an elevated version of the method and call that elevated method instead.
Due to potential security issues, the elevate() method can only be called in the backend.
Learn more about elevation when:
elevate()
in backend code that can be triggered from the frontend and in code that is exposed as an API to outside callers.
Name | Type | Description |
---|---|---|
sourceFunction | function | SDK function to elevate. |
An SDK function that runs with elevated permissions.
Create a new product with elevated permissions:
getTokenInfo()
Returns the information encoded in the currently active token in backend extensions.
When developing backend extensions for an app or web methods, you might need to access information about the session making the request to your backend.
This information is encoded in the token sent with the request, and can be accessed using getTokenInfo()
. It can include the user ID, the site ID, the instance ID, and more.
A promise that resolves to the token info.
Code for extracting information from a request to a backend extension in a Wix CLI project:
Code for extracting information from a request to a web method: