To authenticate a user, the client code that embeds the widget on your site must request a token for this user from your server. Your server verifies the identity of the user through whichever method you currently use and then requests a token for this user from the Wix Answers auth REST API. This request is secured using your Wix Answers Api Key and Api Secret. When your client code receives the token it is passed to the Widget using an SDK method.

In accordance with web security best practices, the token that our auth API provides is short lived and is only valid for 5 minutes. Therefore, rather than passing a single token to the widget, you must supply a function to the widget that returns a promise that resolves to the token. The Widget gets a new token whenever necessary.

You can find an example of the server endpoint that you must implement here. The example is for a node server using express and axios.

You can find an example of the change you must make to your widget embed code in order to add the authentication function here. The example uses axios.