Enterprise Solution: Using Wix API Keys

10 min read
Wix API keys are codes that you can generate to authorize a user or application and give them access to your site and account data.
Use Wix API keys to securely access your site data such as your orders, products, and events. With this data, you can build your own custom functionality to connect Wix business solutions like Wix Stores and Wix Bookings or connect to third-party services. You can also access and update your account-level data, including the ability to create new accounts.
You can manage your API keys in the Settings section of your enterprise dashboard. Generate new keys, rotate or duplicate existing keys, edit their details and permissions, and delete keys that you no longer need.

Understanding Wix API keys

Application programming interfaces (APIs) are communication protocols used for request-and-response interactions between computers. For example, when you log in to your Wix account using an email address and password, an API authenticates your identity with Wix using your credentials.

API keys are codes (also known as strings) that users or applications can send to an API to authorize themselves. If the API key is valid, the API will then give you access to its data. The specific data that you can access is based on the permission set of the API key. 
A screenshot of the permission set of an API key

Using Wix API keys to call Wix APIs

The API keys that you generate in your enterprise dashboard let you use Wix APIs to access and manage your account and site data and to build custom functionality. 
For example, you can fetch a list of products from your store, add a new product to your store, automatically post about that new product on social media and much more.

Generating a Wix API key

You can generate an API key to access your site's data in the Settings section of your enterprise dashboard. 
Important
  • By default, each API key you generate has access to all of the sites in your account. This is because API keys are generated at an account level. 
  • For added security, each API key token you generate is only displayed once when you create it. 
  • It is not possible to view an API key's token again after you close the You generated an API key pop-up. Make sure to store your token in a safe location so you can access it in the future.

To generate an API key:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click + Generate API Key at the top right.
  3. Enter a name for your new API key under Key details
  4. Select the permissions that you want to assign to the API key. 
    • The basic permission to return the IDs of all the sites on your account is selected by default. It cannot be deselected.
    • For security, only add the permissions that you need. Learn more about API security
  5. Click Generate Key.
  6. Click Send Code to send a 6-digit verification code to the email address linked to your account. 
  7. Get your verification code from the email.
  8. Enter the code in the Verify your account pop-up.
  9. Click Verify & Generate Key.
A screenshot of verifying an API Key
  1. Click Copy Token & Close
  2. Store the token in a safe location. 
Tip:
If you need another API key with the same permissions, you can rotate the API key or duplicate the API key.

Rotating a Wix API key

You can rotate an API key to create a new token for it while maintaining the same name, description, and permissions. After you rotate an API key, anyone who previously had access will no longer be able to use it and you will need to share the new token with them.
Important:
  • After you rotate an API key, any user or application that previously used it will immediately lose access to your data. 
  • It is not possible to recover a previous token after you rotate its API key.
Tip:
  • In most cases, it's better to duplicate the API key, add the new token to your API calls, share the new token with any team members that need it, and delete the old API key. 
  • This ensures that APIs that use the key will not have any interruption in service. 
  • We recommend only rotating an API key if you think your key has been compromised

To rotate an API key:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click + Generate API Key at the top right.
  3. Click the More Actions icon  next to the API key you want to rotate.
  4. Select Rotate.
A screenshot of rotating an API key
  1. Click Rotate Key on the pop-up.
  2. Click Send Code to send a 6-digit verification code to the email address linked to your account
  3. Get your verification code from the email.
  4. Enter the code in the Verify your account pop-up.
  5. Click Validate & Rotate Key.
A screenshot of validating a rotated API key
  1. Click Copy Token & Close
  2. Store the token in a safe location. 

Duplicating a Wix API key

You can duplicate one of your existing API keys if you need another API key with the same permissions. After you duplicate a key, you can also edit its description and permissions if you need to customize it further.
Important
  • By default, each API key you generate has access to all of the sites in your account. This is because API keys are generated at an account level. 
  • For added security, each API key token you generate is only displayed once when you create it. 
  • It is not possible to view an API key's token again after you close the You generated an API key pop-up. Make sure to store your token in a safe location so you can access it in the future.

To duplicate an API key:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click the More Actions icon  next to the API key you want to duplicate.
  3. Select Duplicate.
A screenshot of duplicating an API key
  1. Enter a new name for your new API key under Key details. 
  2. (Optional) Edit the permissions that are assigned to the API key. 
    • The basic permission to return the IDs of all the sites on your account is selected by default. It cannot be deselected.
    • For security, only add the permissions that you need. Learn more
  3. Click Generate Key.
  4. Click Send Code to send a 6-digit verification code to the email address linked to your account
  5. Get your verification code from the email.
  6. Enter the code in the Verify your account pop-up.
  7. Click Verify & Generate Key.
A screenshot of verifying a duplicated API key
  1. Click Copy Token & Close.
  2. Store the key in a safe location. 

Editing a Wix API key

You can update the name and permissions of an API key after you create it on its Edit API Key page. 

To edit an API key:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click the More Actions icon  next to the API key you want to edit.
  3. Select Edit.
A screenshot of editing an API key
  1. Edit the API key's name or permissions.
  2. Click Save & Close.
A screenshot of saving changes to an API key
  1. Click Yes, Save Changes to confirm.
  2. Click Send Code to send a 6-digit verification code to the email address linked to your account
  3. Get your verification code from the email.
  4. Enter the code in the Verify your account pop-up.
  5. Click Verify & Save Changes.
A screenshot of verifying changes to an API key

Deleting a Wix API key

You can delete any API keys that you no longer need in the Settings section of your enterprise dashboard. 
Important:
  • Any user or application that previously had access to the API key will lose access to your data after you delete it. 
  • It is not possible to recover an API key after you delete it.

To delete an API key:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click the More Actions icon  next to the API key you want to delete.
  3. Select Delete.
A screenshot of deleting an API key
  1. Click Delete on the pop-up.
  2. Click Send Code to send a 6-digit verification code to the email address linked to your account
  3. Get your verification code from the email.
  4. Enter the code in the Verify your account pop-up.
  5. Click Verify & Delete Key.
A screenshot of verifying deleting an API key

Choosing Wix API key permissions

The permissions that you assign to your API key control the kinds of data that API calls using the key can access.
For example, you can select the Wix Stores permission to only allow access to your site’s store data, including products, orders, and currencies.
Important:
Most permissions automatically give read and write access to your site's data. It's important to only assign the permissions you need to your API key so that you don't give more access to your site data than is necessary. Learn more about permissions and API key security
You can view an API key's permissions by clicking Show permissions next to the key on the API Keys page. 
A GIF of viewing an API keys permission set
You can also edit an API key's permissions at any time if you need to add or remove permissions. 

To edit a key's permissions:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click the More Actions icon next to the API key you want to edit.
  3. Select Edit.
  4. Select the new permissions you want to assign to the API key under Permissions.
A screenshot of the permission set of an API key
  1. Click Save & Close.
  2. Click Yes, Save Changes on the pop-up.
  3. Click Send Code to send a 6-digit verification code to the email address linked to your account
  4. Get your verification code from the email.
  5. Enter the code in the Verify your account pop-up.
  6. Click Verify & Save Changes.
A screenshot of verifying the changes to the permission set of an API key

Getting your Account ID

To use site-level APIs, you need to include your Wix Account ID in your HTTP request header. You can get your Account ID in the API Keys page of the enterprise dashboard. 

To get your Account ID:

  1. Go to API Keys in your Enterprise dashboard.
  2. Click Copy ID under Account ID.
A screenshot of copying your Account ID on the API Keys page

Want to learn more about using Wix API keys?
Read our article about building requests using API keys.

Did this help?

|