After you set up an OAuth app for your site or app in your project dashboard, you can begin coding by getting OAuth tokens and using them to make API calls.
There are several ways to get tokens. Which way you choose depends on the type of user you need tokens for and whether you use a Wix-managed login or a custom login for members.
- Visitors: To get tokens for visitors who are not logged into your site or app, see Handle Visitors.
- Members with Wix-managed login: To get tokens for logged in members using a Wix-managed login page, see Handle Members with Managed Login.
- Members with a custom login page: To get tokens for logged in members using a custom login page, see Handle Members with Custom Login.
When you retrieve tokens, you get two tokens.
- Access token: Access tokens are used to authorize API calls. Every time you make an API call, you need to authorize the call using a valid access token. Access tokens are short-lived. They are valid for 4 hours from the time they are created.
- Refresh token: Refresh tokens are used to get new access tokens after your access tokens have expired. Refresh tokens are long-lived.
Once you have your tokens, you can use them to make API calls. Use the access token in the authorization header when making an API call.