Hi everyone,
I’m currently developing a Headless integration for my Wix site (chinacartbridge.com) to automate blog post creation. I am consistently encountering 500 Internal Error with the message “Invalid public RSA key” when attempting to hit the POST /blog/v3/draft-posts endpoint, despite successful authentication and correct permissions.
Here is my technical setup:
• App ID: e1b712a6-f332-4cef-b0f7-45746821545c
• Site ID: 32d03c1d-e1df-45f4-acc7-0b0d6a0fc27d
• Endpoint: POST https://www.wixapis.com/blog/v3/draft-posts
• Auth Strategy: ApiKeyStrategy (using a valid API Key).
• Permissions: App has Manage Blog (Read/Write) permissions, saved and the app is installed on the site.
What I’ve verified:
- Read Access: GET /blog/v3/categories works perfectly with the same API key and site ID headers, confirming authentication and routing are correct.
- Request Structure: I am using standard JSON structure. I have also tested with Ricos-compliant JSON nodes, but the 500 error persists.
- The Error: The response consistently shows:
{“message”:“Invalid public RSA key”,“details”:{“…”:“com.wixpress.identity.identification”,“…”:“com.wix.core.services.identification2.IdentificationServiceV2/extractIdentity”}}
My Questions:
- Does the POST /blog/v3/draft-posts endpoint internally trigger an SPI/Webhook signature verification that requires an RSA-signed payload even when using an API Key?
- Is there a specific “deployment status” (beyond “Install on Site”) required to fully propagate Blog:Write permissions to the production backend?
- Why would a standard API Key request trigger an extractIdentity error related to a “public RSA key”?
Any guidance on the expected signature mechanism for this endpoint or troubleshooting the Invalid public RSA key error in a headless context would be highly appreciated.