Wix - API Keys
Scroll ↓
Lets users:
Build custom functionality using Wix’s library of APIs.
Add tech from any non-Wix company to their sites, expanding Wix’s push towards “open platform”.
Challenge
API keys can expose users to serious data breaches if used wrong. We needed to tell users about those risks while encouraging them to use the product.
Solution
Mention each risk at the right moment using simple language.
We encouraged users to only share keys with “trusted team members” in the flow’s very first sub-header.
API keys have another security risk: each one grants access all of the user’s sites.
Instead of front-loading the flow with warnings, we mentioned this on the Generate page where it’s most relevant.
We also used the phrase “keep in mind” instead of “warning:”. It’s attention-grabbing without sounding alarmist.
Finally, we suggested a way to limit their exposure.
As an extra protection, users are only shown their generated API key once.
In the modal displaying the key, we remind users about API key’s security risks and encourage them to keep the key safe.
Not having the option to see their keys again might be frustrating.
Here we remind users that the precaution’s for their security and suggest two helpful alternatives: duplicating or rotating their keys.