Bookings API Unauthorized Operation: Access is denied

Ask the community
, ,
1

Hello, I want a more complex dynamic timeslot for my multple locations services. (if there is already a booked in the afternoon on location A block all afternoon slots in location B) I made a custom booking frontend and a working back end. It all works when I run it in test but when I publish it I receive a back end error log:

GetBookingsForDay: message: ‘Unauthorized Operation: Access is denied. You may not have the appropriate permissions’ details: applicationError: description: Access is denied. You may not have the appropriate permissions code: ‘1’ data: {}"The fuction has anyone premision but I think my Bookingsv1 API also needs premisions?

The code itself:

import { bookings as bookingsQry } from 'wix-bookings-backend';

export async function getBookingsForDay(startISO, endISO) {

  console.log('\[DBG\] queryBookings range', startISO, '→', endISO);

  try {

    const { items } = await bookingsQry

      .queryBookings()

      .ge('startTime', new Date(startISO))

      .lt('startTime', new Date(endISO))

      .limit(100)

      .find();

Any idea’s on what I should do?

1 Like
2

You’ve hit a permissions mismatch between Preview and the published site.

  • In Preview, you’re effectively the site owner, so wix-bookings-backend.queryBookings() succeeds.
  • On the published site, your exposed function is running with the visitor’s permissions (you mentioned “Anyone” permission), and visitors do not have rights to read bookings. So you get: Unauthorized Operation.
import { Permissions, webMethod } from "wix-web-module";
import { elevate } from "wix-auth";
import { bookings } from "wix-bookings-backend";
2 Likes