Wix User Management API Guide

Auth method: OAuth 2.0

Setup steps

1. Register an app in the Wix Developers Center (https://dev.wix.com).
2. Configure OAuth redirect URIs and select required permission scopes for your app.
3. Direct the site owner through the Wix OAuth consent flow to obtain an authorization code.
4. Exchange the authorization code for an access token and refresh token via POST https://www.wixapis.com/oauth2/token.
5. Include the access token as a Bearer token in the Authorization header of all API requests.
6. Refresh the access token using the refresh token before expiry.

Required scopes

Query Members

• Method: POST
• URL: https://www.wixapis.com/members/v1/members/query
• Watch out for: Use POST for queries, not GET. Cursor from pagingMetadata.cursors.next must be passed in subsequent requests.

Request example

POST /members/v1/members/query
{
  "query": {
    "filter": {"status": "ACTIVE"},
    "cursorPaging": {"limit": 50}
  }
}

Response example

{
  "members": [{"id": "abc123", "loginEmail": "user@example.com", "status": "ACTIVE"}],
  "pagingMetadata": {"cursors": {"next": "<cursor_token>"}}
}

Get Member

• Method: GET
• URL: https://www.wixapis.com/members/v1/members/{id}
• Watch out for: Returns 404 if the member ID does not exist on the specific site.

Request example

GET /members/v1/members/abc123
Authorization: Bearer <token>

Response example

{
  "member": {
    "id": "abc123",
    "loginEmail": "user@example.com",
    "status": "ACTIVE",
    "profile": {"nickname": "JohnD"}
  }
}

Create Member

• Method: POST
• URL: https://www.wixapis.com/members/v1/members
• Watch out for: New members default to PENDING status; a separate approval call is required to activate them.

Request example

POST /members/v1/members
{
  "member": {
    "loginEmail": "newuser@example.com",
    "profile": {"nickname": "NewUser"}
  }
}

Response example

{
  "member": {
    "id": "def456",
    "loginEmail": "newuser@example.com",
    "status": "PENDING"
  }
}

Update Member

• Method: PATCH
• URL: https://www.wixapis.com/members/v1/members/{id}
• Watch out for: fieldMask is required; omitting it may result in unintended field clearing.

Request example

PATCH /members/v1/members/def456
{
  "member": {
    "profile": {"nickname": "UpdatedName"}
  },
  "fieldMask": {"paths": ["profile.nickname"]}
}

Response example

{
  "member": {
    "id": "def456",
    "profile": {"nickname": "UpdatedName"}
  }
}

Delete Member

• Method: DELETE
• URL: https://www.wixapis.com/members/v1/members/{id}
• Watch out for: Deleting a member also removes their associated contact record. This action is irreversible.

Request example

DELETE /members/v1/members/def456
Authorization: Bearer <token>

Response example

{}

Approve Member

• Method: POST
• URL: https://www.wixapis.com/members/v1/members/{id}/approve
• Watch out for: Only members in PENDING status can be approved.

Request example

POST /members/v1/members/def456/approve
Authorization: Bearer <token>

Response example

{
  "member": {"id": "def456", "status": "ACTIVE"}
}

Block Member

• Method: POST
• URL: https://www.wixapis.com/members/v1/members/{id}/block
• Watch out for: Blocked members cannot log in but their data is retained.

Request example

POST /members/v1/members/def456/block
Authorization: Bearer <token>

Response example

{
  "member": {"id": "def456", "status": "BLOCKED"}
}

Query Contacts

• Method: POST
• URL: https://www.wixapis.com/contacts/v4/contacts/query
• Watch out for: Contacts and Members are separate objects; a member always has a contact but a contact may not have a member record.

Request example

POST /contacts/v4/contacts/query
{
  "query": {
    "filter": {"info.emails.email": {"$eq": "user@example.com"}},
    "cursorPaging": {"limit": 50}
  }
}

Response example

{
  "contacts": [{"id": "ghi789", "info": {"name": {"first": "John", "last": "Doe"}}}],
  "pagingMetadata": {"cursors": {"next": "<cursor_token>"}}
}

• Rate limits: Wix does not publicly document specific numeric rate limits for the Members REST API in its official developer docs as of the research date.

• Rate-limit headers: No

• Retry-After header: No

• Rate-limit notes: Official docs do not specify rate-limit headers or Retry-After behavior. Wix returns HTTP 429 when limits are exceeded; specific thresholds are not published.

• Pagination method: cursor

• Default page size: 50

• Max page size: 1000

• Pagination pointer: cursorPaging.cursor

• Webhooks available: Yes

• Webhook notes: Wix supports webhooks for member and contact lifecycle events via the Wix Developers Center app configuration. Webhooks deliver POST payloads to a registered HTTPS endpoint.

• Alternative event strategy: Polling the Query Members endpoint with a filter on updatedDate as a fallback.

• Webhook events: wix.members.v1.member_created, wix.members.v1.member_updated, wix.members.v1.member_deleted, wix.contacts.v4.contact_created, wix.contacts.v4.contact_updated, wix.contacts.v4.contact_deleted, wix.members.v1.member_approved, wix.members.v1.member_blocked

• SCIM available: Yes

• SCIM version: 2.0

• Plan required: Enterprise

• Endpoint: Tenant-specific SCIM base URL provided during Enterprise SSO/SCIM setup in the Wix dashboard; not a single public static URL.

• Supported operations: Create User (POST /Users), Read User (GET /Users/{id}), List/Filter Users (GET /Users), Update User (PATCH /Users/{id}), Deactivate/Delete User (DELETE /Users/{id})

Limitations:

• Requires SSO to be configured as a prerequisite before SCIM can be enabled.
• Only available on the Wix Enterprise plan (custom pricing, ~$500/month minimum).
• Microsoft Entra ID is the documented IdP for SCIM integration; Okta and Google Workspace are not listed as supported in official docs.
• SCIM endpoint URL is tenant-specific and generated within the Wix Enterprise dashboard, not a publicly documented static URL.
• Group provisioning support via SCIM is not explicitly documented in official help center articles.

Three integration patterns are well-supported by the current API surface.

First, member provisioning and activation: POST to /members to create a record (status defaults to PENDING), then POST to /members/{id}/approve to activate

skipping the approve call leaves the member unable to log in.

Second, SCIM sync from Microsoft Entra ID: obtain the tenant-specific SCIM URL and bearer token from the Enterprise dashboard, configure Wix as an enterprise application in Entra ID, and map userName to loginEmail;

SSO must be active before this flow will succeed.

Third, bulk member export with cursor pagination: POST to /members/query with cursorPaging.limit up to 1000, then follow pagingMetadata.cursors.next until exhausted

cursors are time-limited, so the full pagination sequence should complete within a single session.

For event-driven pipelines, webhooks for member_created, member_updated, member_deleted, member_approved, and member_blocked are available via the Wix Developers Center;

polling on updatedDate is the documented fallback.

Provision a new site member and activate them

1. POST https://www.wixapis.com/members/v1/members with loginEmail and profile fields.
2. Capture the returned member.id from the response (status will be PENDING).
3. POST https://www.wixapis.com/members/v1/members/{id}/approve to set status to ACTIVE.
4. Optionally subscribe to the wix.members.v1.member_approved webhook to confirm activation.

Watch out for: Skipping the approve step leaves the member in PENDING and they cannot log in.

Sync Wix Enterprise users via SCIM from Microsoft Entra ID

1. Confirm the Wix Enterprise plan is active and SSO is configured in the Wix dashboard.
2. Navigate to the SCIM provisioning section in the Wix Enterprise dashboard to obtain the tenant-specific SCIM base URL and bearer token.
3. In Microsoft Entra ID, add Wix as an enterprise application and configure SCIM provisioning with the obtained URL and token.
4. Map Entra ID user attributes to SCIM User schema fields (userName → loginEmail, etc.).
5. Enable provisioning; Entra ID will call POST /Users to create and PATCH /Users/{id} to update members.

Watch out for: SSO must be fully configured before SCIM can be enabled; attempting SCIM setup without SSO will fail.

Bulk-query and export active members with cursor pagination

1. POST https://www.wixapis.com/members/v1/members/query with filter status=ACTIVE and cursorPaging.limit=1000.
2. Extract members array from response.
3. Check pagingMetadata.cursors.next; if present, repeat POST with cursorPaging.cursor set to that value.
4. Continue until pagingMetadata.cursors.next is absent or empty.

Watch out for: Max page size is 1000; do not attempt to retrieve all members in a single request for large sites. Cursors are time-limited; complete pagination within a single session.

Several non-obvious behaviors can cause silent failures or data loss. PATCH requests require an explicit fieldMask; omitting it may result in unintended field clearing with no error returned.

DELETE on a member permanently removes the associated contact record - there is no soft-delete or recovery path. Rate limits are not publicly documented; the API returns HTTP 429 when thresholds are exceeded but does not emit Retry-After headers, so exponential backoff must be implemented defensively.

The Members and Contacts APIs use different versioning (/v1 vs /v4), which matters when constructing base URLs programmatically. Finally, SCIM group provisioning support is not explicitly documented in official help center articles, so group-based access automation should be validated against a live Enterprise tenant before relying on it in production.