restblogsvelo

Issues with Wix REST API returning a 403


I'm trying, what on the surface seems a very simple GET request to the Wix REST API via Postman. Followed the documentation and generated an API key with the requisite permissions and an Account ID.

The GET request is to query the blog posts on the site, and is, according to the Wix docs, a very simple:

https://www.wixapis.com/blog/v3/posts

I've added the API Key, as the Authorization header, and the account id, as the custom 'wix-account-id' header, and getting Wix's 403 page.

Anybody out there been through the pain and can offer any suggestions?

I'm editing my original question to add details of the request, as requested:Request

And the Response:

<!DOCTYPE html>
<!--
    

                            

  
  
            
-->
<html>

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="robots" content="noindex">
    <title>403 Error: Forbidden | Wix.com</title>


    <script async
        src="https://static.parastorage.com/polyfill/v2/polyfill.min.js?features=default,es6,es7,es2017&flags=gated&unknown=polyfill&rum=0">
    </script>
    <script src="https://static.parastorage.com/unpkg-semver/fedops-logger@5/fedops-logger.bundle.min.js"></script>
    <script>
        fedopsLogger.reportAppLoadStarted("classic-error-pages-statics");
    </script>
    <script src="https://static.parastorage.com/unpkg-semver/header-footer-provider/app.bundle.min.js"></script>
    <script crossorigin src="https://static.parastorage.com/unpkg/react@18.2.0/umd/react.production.min.js"></script>
    <script crossorigin src="https://static.parastorage.com/unpkg/react-dom@18.2.0/umd/react-dom.production.min.js">
    </script>

    <link rel="stylesheet" href="//static.parastorage.com/services/classic-error-pages-statics/1.76.0/app.min.css">

    <link rel="preload" as="font"
        href="https://static.parastorage.com/unpkg/@wix/wix-fonts@1.14.0/media/WixMadeforTextVF_W_Wght.8022447a.woff2"
        crossorigin>
    <link rel="preload" as="font"
        href="https://static.parastorage.com/unpkg/@wix/wix-fonts@1.14.0/media/WixMadeforDisplayVF_W_Wght.ab35e4df.woff2"
        crossorigin>
    <link rel="stylesheet" href="https://static.parastorage.com/unpkg/@wix/wix-fonts@1.14.0/madefor.min.css">
    <link rel="stylesheet" href="https://static.parastorage.com/unpkg/@wix/wix-fonts@1.14.0/madeforDisplay.min.css">

</head>

<body>
    <div id="root"></div>
    <script>
        window.__LOCALE__ = 'en';
    window.__ERROR_DATA__ = {
        staticsUrl: '//static.parastorage.com/services/classic-error-pages-statics/1.76.0/',
        baseDomain: 'wix.com',
        errorCode: '403',
        exceptionName: 'null',
        serverErrorCode: '-100',
        data: {},
        brand: 'wix',
        requestId: '************'
    };
    </script>
    <script src="//static.parastorage.com/services/classic-error-pages-statics/1.76.0/app.bundle.min.js"></script>
</body>

</html>


Solution

  • Eventually got to the bottom of this.
    I am indebted to this post, (Wix Rest API throws 403 Forbidden) for at least part of the answer.
    The Wix documentation although, fairly extensive, omits certain key details.
    Some of their REST API Methods, require an account id in the header, whereas others, require a site id.
    The documentation on this particular does not even mention this, https://dev.wix.com/docs/rest/business-solutions/blog/posts-stats/list-posts
    To make this GET request you will need an Authorization header with the value of your API Key and a custom header called wix-site-id.

    To get these 2 pieces of information I did the following, (whether you can follow this, depends on your site permissions):

    1. To generate an API key, go to your Wix Dashboard and locate Settings.
      Within Settings, scroll down to Development & integrations, choose Headless settings.
      In the Headless settings page, there is a section called Admin API Key.
      Click the button, Manage API Key, to navigate to your page to generate your API Key.
      Once there, click the button Generate API Key, and ensure that you give the Key the exact permissions you need, in this case it was Blog Permissions. Very carefully record your key because you'll only ever see it once.

    How to generate API Key

    2. To get your site id is much more straight forward.
    When you arrive at your Wix Dashboard, your site id is displayed as a Guid in the URL:
    Your site id
    Once you have these pieces of information simply, make your GET request, and ensure you add these 2 headers:
    Authorization: <your API Key>
    wix-site-id: <your site id guid>

    That's how I solved this particular issue.