Hi,
I need to fetch data between a main wix site to it’s sub wix site.
What key should I use?
Thanks:)
Dafna
Hi Dafna.
To clarify - you have 2 different sites, and you want to fetch data from a collection on site A from site B?
Regards,
Genry.
Yes. I have 2 Wix sites. one of them is a subdomain of the other.
The main site has all the collections.
The sub is dealing with a stripe payment, & should send the payment result to the main site, which will update the collections according to the payment result sent from the sub-domain.
Thanks!
Hi dafna,
What is the reasoning behind the need for two websites?
Shlomi
The main site is managing donations. Because of tax issues I need about 4 sub donains, each for different countries & different payment methods
Thsnks:)
Hi Dafna.
It is possible with the following setup:
-
The main site should have an http function in place to receive the payment result from the payment site. Preferably POST request. More info on http functions - wix-http-functions - Velo API Reference - Wix.com
-
The payment site should have a backend web-method. This method will be called when the payment was successful. The implementation of this method will be calling the http function to the main site with the appropriate value according to the protocol you define using wix-fetch.
Please keep in mind the security aspects of the above solution, since this is a sensitive subject, like payments.
Meaning, using the above method as is - is not secure and will require additional security protocols in place for the communication channels on the application level.
Regards,
Genry.
Thanks:)
I only need to send ‘email’ as a parameter
& get back email + amount
I believe there is no security issue?
Thanks!
Dafna
When talking about security, think about whether it is possible to forge such a request. Even from a user of your sites.
Regards,
Genry.
Regarding the http from the main site to the sub-site:
It sholdn’t call any function, just to save the email for the answer.
a payment page should be opened.
So, will it work without calling a function? open the correct page & keep the email var?
many many thanks!!!
Dafna
& how can I work with json on this?
Let me clarify your solution. It is all happening in browser?
If so, is the switch between sites occuring by HTTP redirect?
Thanks,
Genry.
What are my other options?
I can send to a function that will open the payment page, but how will I send the email parameter?
many many thanks for your time!
Just to clarify, do you have already a solution for main page opening the payment page in browser?
Thanks,
Genry.
ok, I can do it with wix-location, & send the email as a parameter.
Then, after payment, I need to send the email + amount back to the main.
The Donations collection should be updated by main site, since the other collection’s fields are kept there.
All the http & payment happens after the donator enters data, and before submit, using a hook.
Maybe I should use the wix location to subdomain with all parameters, & then use http function to update the collection from the sub-domain?
parameters are:
“name”: $w(“#inputName”).value,
“country”: $w(“#dropCountry”).value,
“address”: $w(“#inputAddress”).value,
“phone”: $w(“#inputPhone”).value,
“email”: $w(“#inputEmail”).value,
“amount”: Number($w(“#inputAmount”).value),
“swimmer”: session.getItem(“swimmer”)
Regarding your previous post, please pay attention to the second redirect from payment to main site.
Using wix-location - the only option to send parameters is using query params.
However, this kind of request can be forged outside of the payment site, meaning a direct call to main site from browser with any email and amount.
Regarding your last post - this is what I proposed. However you will need to implement some security handshake, since the same request can be forged outside of the payment site. It should be a call from payment site backend function to main site http function using wix-fetch. (http function is received on the backend of the site, and has no access to session object). The authorization for example can be achieved by shared secret between the sites, using some chosen header name to put the secret as an authorization key which should be validated on the http function side to verify the authenticity of the request.
Regards,
Genry.
OMG…
& how do I implement such a secret key?
many many thanks !!!
Dafna:)
Is it actually the fetch key?
Can it be anything I define?
I am not sure what fetch key is, but let me clarify the shared secret solution.
Shared secret can be some generated random string long enough, e.g. 256 bit in length. GUID is applicable for this case.
So both payment and main sites should store it on their backend in some file as constant. It can be even in the same file where the caller and the callee located. E.g the web method file on the payment site and the http-functions.js file on the main site.
It is recommended to change this key every 3 months.
The protocol can be for example calling the http function from payment site to main site with a header X-MY-AUTH with the shared secret value. The main site’s http function will read this header and verify the value to the shared secret stored on it’s end. The communication must use SSL (http s ://*).
Regards,
Genry.