members.updateMember Forbidden error

elijahtella · July 17, 2022, 9:54pm

Hi can someone please explain how to fix the 403 error I’m getting whenever I call the members.updateMember function from the http-function.js code.

The API is doc is at https://www.wix.com/velo/reference/wix-members-backend/members/updatemember

The code below works when I run it directly on a user.jsw file. However I want to expose this as a service to a third party app so the user data can be synced to wix.

    **return**  members . updateMember ( id ,  memberData ) 
    . then (( member ) => { 
           **return**  member ; 
    }) 
    . catch (( error ) => { 
        console . log ( "[There was an error updating member with data]" ,  data ,  error ); 
        **return**  error ; 
    });

//user.jsw  code file
export async function updateUserProfile(id, data) {
        var memberData =  {
                            contactDetails: {
                                firstName: data.firstName,
                                lastName: data.lastName,
                                phones: [data.phone],  
                                birthdate: data.dateOfBirth,    
                                customFields: {
                                    gender: {
                                        name: "Gender",
                                        value: "Femaile"
                                    },
                                    provider: {
                                        name: "Provider",
                                        value: "App"
                                    },
                                    lastupdatedby: {
                                        name: "LastUpdatedBy",
                                        value: "AdminHBP"
                                    }
                                }
                        },
                        profile:{
                            profilePhoto : {
                                url : data.picture 
                            }
                        }
                    }
        return members.updateMember(id, memberData)
        .then((member) => {
               return member;
        })
        .catch((error) => {
            console.log("[There was an error updating member with data]", data, error);
            return error;
        });
}

//http-functions code file
export async function post_updateUser(request) {
    console.log("request body", request)
    let options = {
        headers: {
            "Content-Type": "application/json",
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "*"
        }
    };
    console.log("update user called", request);
    // query a collection to find matching items
    return request.body.json()
        .then(async (body) => {

         var data = {
            firstName: body.firstName,
            lastName: body.lastName,
            phone: body.phone,
            gender: body.gender,
            dateOfBirth: body.dateOfBirth,
            picture: body.picture,
        }

       
           var id = body.id;
        
           console.log("update user sent", data);
            console.log("update user id", id);
            return updateUserProfile(id, data)
            .then((member) => {
                return member;
            })
            .catch((error) => {
                    console.log("update user error", error);
                return error;
            });
        })
        .then((results) => {
            options.body = {
                "updated": true,
                "message": results
            };
            return ok(options);
        })
        // something went wrong
        .catch((error) => {
            options.body = {
                "updated": false,
                "error": error.message
            };
            return badRequest(options);
        });
}

J.D · July 18, 2022, 10:03pm

Please post the response you return to the 3rd party that made the call.

elijahtella · July 19, 2022, 8:27pm

Thanks J.D. But I’m not sure if you understood the problem. I’m calling the service from POSTMAN (third party).

The problem is to be able to create a service that updates member details from an API endpoint.

J.D · July 20, 2022, 1:07am

I meant to ask you to write here the full http-function (including the headers and body that you were trying to return).

elijahtella · July 20, 2022, 9:47pm

Thanks for trying to help. I’ve now attached screen shots to my post showing the backend code in the user.jsw, the api code in the http-function and the consumer code from postman. Thanks in advance

J.D · July 20, 2022, 10:33pm

You’re nesting promises instead of chaining them and that’s not the way to do it.
If you copy-paste the code instead of screenshot, I can show you how to correct it.

elijahtella · July 20, 2022, 10:51pm

hi…I don’t think the code structure is the cause of the 403 forbidden error I’m having issues. But it would be nice to get some guidiance on the better way to structure the promises. So I’ve copy-pasted the code…However, could you please still address the main concern of calling the update-member api externally . Thank you so much

J.D · July 21, 2022, 6:48pm

You’re using getCurrentMember but there’s no current member if you call it from a 3rd party.
You need to send the memberId (or login email) from the 3rd party,
Then use:
https://www.wix.com/velo/reference/wix-members-backend/members/getmember

and
https://www.wix.com/velo/reference/wix-members-backend/members/updatemember

to get the member and update it.

elijahtella · July 21, 2022, 11:45pm

thanks for your patience J.D. That was the wrong code, I’ve now pasted the correct one. You will have noticed the method in the httpfunction file was calling the updateUserProfile rather than the updateCurrentUserProfile. The third party sends the id of the user as shown in the postman image

elijahtella · July 21, 2022, 11:48pm

Also FYI JD, here is the screen shot of the response I have received from the wix support. Let me know if you have ever had experience in this scenerio where you need to update the member details from a third party via an api. If so kindly advice on a way to go about it.

J.D · July 22, 2022, 9:41am

I see. I didn’t know that.
Maybe you can save the data into another collection and next time the user logs in to Wix update the profile based on the stored info.

elijahtella · July 22, 2022, 6:16pm

thanks J.D, that’s a smart workaround. However, I’ve also been told I could use the updateContact instead and then use triggers to update the members.

thanks I’m happy to close this off now

Topic		Replies	Views
Update data in WixMembers by code Ask the community code , wix , wix-members-area , question	5	43	November 19, 2024
currentMember.getMember failed with permission denied Error Ask the community code , wix-members-area , question	3	234	July 4, 2024
Expose http-function error Ask the community code , wix-members-area , question	5	445	July 22, 2023
listMemberBadges permission bug? Ask the community code , wix-members-area , question	0	88	December 4, 2022
Wix secret manager update and list function error Ask the community code , question , api	1	123	October 19, 2023

members.updateMember Forbidden error

Related topics