UPDATE:
I have found a work-around for the problem below (see my comment below), but I consider it a hack.
WIX PLEASE UPDATE THE API TO ALLOW TRUE PROGRAMMATIC ACCESS TO CORVID APIs FROM iOS/Android!
Original Post:
My mobile app needs to access my Wix site and do things like log in, query a user’s data and utilize those results within the app. However, the Wix API documentation seems to assume the APIs are called from JavaScript on web pages hosted on my Wix site.
I want to create an API basis for doing programmatically what someone can do on the website, including logging in, querying the various databases on my site for user-specific data, etc. so that mobile applications can access it as easily as the browser.
I looked into the back-end function approach, creating an http-functions.js file in the Backend folder per this link, but I am running into errors trying that approach. I think I must be missing something fundamental, because many of the Wix APIs I want to support in my Backend function fail with a permissions error.
So what is the approach I need to take in order (for example) to support querying my Members database for data associated with a particular member? This database has permissions set for either site member or site member author. For example, here is some code that needs to determine whether or not a particular user (identified by email) has any ‘connections’ to others:
import wixData from 'wix-data';
import { ok } from 'wix-http-functions';

export async function get_utils(request) {
    console.log("utils function called");
    let response = { "headers": { "Content-Type": "application/json" } };
    response.body = { "result": false };
    // First path segment selects the operation, e.g. "connections"
    const operation = request.path[0];
    switch (operation) {
        case 'connections':
        {
            // The member is identified only by the email query parameter
            const email = request.query["email"];
            await wixData.query("SITConnections")
                .include("SITMembers")
                .eq("memberEmail", email)
                .find()
                .then((results) => {
                    if (results.items.length > 0) {
                        console.log("Found " + results.items.length + " connections.");
                        for (let i = 0; i < results.items.length; i++) {
                            //TODO Create response data here
                        }
                        response.body = { "result": true, "items": results.items };
                    } else {
                        console.log("Found 0 connections.");
                        response.body = { "result": false };
                    }
                })
                .catch((error) => {
                    // The permissions error (WDE0027) surfaces here
                    console.log("Got error: " + error);
                    response.body = { "result": false, "errormsg": error.message };
                });
            return ok(response);
        }
        default:
            response.body = { "result": false };
            return ok(response);
    }
}
But calling this results in a permissions error: WDE0027: The current user does not have permissions to read on the SITConnections collection.
Which based on this implementation is understandable - just calling this API as-is doesn’t have any credentials associated with it - I haven’t logged in, passed any type of a token, etc…
Yet the documentation for wix-http-functions clearly anticipates people doing what I am trying to do because it states:
Using Corvid you can create functions to expose the functionality of your site as a service. That means other people can use the functionality of your site by writing code that calls your site’s API as defined by Wix Functions you create.
You might want to use HTTP functions to:
- Integrate your site with an automation tool, such as Zapier or IFTTT.
- Receive notifications and information from external webhooks.
- Share a backend between your site and a native mobile application.
The last bullet is exactly what I’m trying to do! Surely there is a way to indicate to the back-end functions which “logged in user” is associated with the request being made, similarly as if it was coming from a web page?
How?
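Added example (not part of the original post, and not a Wix API): one common way for an HTTP endpoint to learn which member a mobile request belongs to is a signed, expiring bearer token that the backend verifies on every call, so the identity is taken from the token instead of the caller-supplied `email` query parameter. `SECRET`, `issueToken`, `verifyToken` and `authorizeConnectionsRequest` are hypothetical names, and the sketch assumes Node.js's built-in `crypto` module and a lower-cased `authorization` header key on the request object.

```javascript
const crypto = require('crypto'); // Node.js built-in

// Assumption: a real backend loads this key from a secrets store, never from source.
const SECRET = 'constructed-demo-key';

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest();

// Called by a (hypothetical) login endpoint once the member's credentials are verified.
function issueToken(email, ttlSeconds, now = Date.now()) {
  const payload = b64url(JSON.stringify({ email, exp: Math.floor(now / 1000) + ttlSeconds }));
  return payload + '.' + b64url(sign(payload));
}

// Returns the authenticated email, or null if the token is missing, forged or expired.
function verifyToken(token, now = Date.now()) {
  const [payload, mac, extra] = String(token || '').split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // Constant-time comparison so the check does not leak how many MAC bytes matched.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!claims || typeof claims.email !== 'string' || typeof claims.exp !== 'number') return null;
  return claims.exp > Math.floor(now / 1000) ? claims.email : null;
}

// Hypothetical handler core: the identity comes from the token, never from ?email=.
function authorizeConnectionsRequest(request, now = Date.now()) {
  const header = (request.headers && request.headers['authorization']) || '';
  const match = /^Bearer (\S+)$/.exec(header);
  const email = match ? verifyToken(match[1], now) : null;
  if (!email) return { status: 401, body: { result: false, errormsg: 'unauthorized' } };
  // The data query would then filter on this verified value only.
  return { status: 200, email };
}
```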