Skip to main content
Wix connects through Senderz’s Wix app using OAuth client-credentials. There’s no per-store secret to paste — the store’s instanceId is the key.

Connecting

Install the Senderz app from the Wix App Market. Senderz mints a short-lived token from its app credentials + your store’s instanceId and syncs from there.
Wix auth is client-credentials: Senderz refreshes a 4-hour token on demand. Nothing per-store is stored as a secret — the tenant key is the instanceId.

Webhooks are signed JWTs

Wix webhooks arrive as a bare RS256 JWT (not JSON), verified against Senderz’s per-app public key. Senderz has a dedicated Wix receiver for this — it’s algorithm-pinned to the RSA family to prevent JWT confusion attacks.
Wix times a webhook out at ~1.25 seconds, then retries. Senderz only verifies and enqueues on the request path; the real work happens off it — so a slow pipeline can’t cause duplicate deliveries.

Mapped events

order_created fires for pending/unapproved orders and is deliberately not mapped — order_approved is the valid-order signal per Wix’s own guidance. Fulfilment, refund and forms events are not mapped in v1.
Consent comes from the contact’s primaryEmail / primaryPhone subscription status (SUBSCRIBED / UNSUBSCRIBED); NOT_SET / PENDING leaves consent unset. Labels sync as tags.