For a web app that has these requirements, authentication and authorization are the most important aspects to focus on.
Authentication ensures you can identify who is logged in. This is accomplished through the Wix Members API.
Using information about the currently logged-in member, you can implement proper authorization (ensuring the user has the right privilege before accessing a particular page). This can be done using Data Binding Router Hooks through the Wix Router API.
For example, if a user clicks or directly loads a specific contact via a URL, you want to make sure the user is:
- Logged In
- Has the privilege to view the contact (the contact was created by them)
I’ve attached some useful resources below:
Routers
Data Hooks for Dynamic Pages
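
The two checks described above (logged in, then owner of the contact), sketched as an added example that is not part of the original post or Wix's own code. The function names and sample records are hypothetical, and the `id`/`role` shape of the user and the `_owner` field on each item are assumptions about what the router request and the collection provide.

```javascript
// Added example: deny-by-default authorization decision for a contact page.
// authorizeContactView, loadContact and the sample data are hypothetical.

// Constructed sample records standing in for a contacts collection.
// `_owner` is assumed to hold the ID of the member who created the item.
const SAMPLE_CONTACTS = [
  { _id: "c1", name: "Ada", _owner: "member-1" },
  { _id: "c2", name: "Grace", _owner: "member-2" },
  { _id: "c3", name: "Orphan" }, // no owner recorded
];

function loadContact(contactId) {
  return SAMPLE_CONTACTS.find((c) => c._id === contactId) || null;
}

// user: { id, role } describing the current visitor (assumed shape).
// Returns { action: "login" | "notFound" | "forbidden" | "allow", contact? }.
function authorizeContactView(user, contactId, lookup = loadContact) {
  // 1. Authentication first, before any lookup, so an anonymous visitor
  //    cannot use the response to learn which contact IDs exist.
  if (!user || !user.id || user.role === "Visitor") {
    return { action: "login" };
  }
  // 2. Only then resolve the record named in the URL.
  const contact = lookup(contactId);
  if (!contact) {
    return { action: "notFound" };
  }
  // 3. Ownership check. A record with no owner is denied, not allowed.
  if (typeof contact._owner !== "string" || contact._owner !== user.id) {
    return { action: "forbidden" };
  }
  return { action: "allow", contact };
}
```

In a router hook, the returned `action` would be mapped onto the router's redirect, not-found, forbidden or continue response; that wiring is left out here.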