Wix - API Keys
Lets users:
Build custom functionality using Wix’s library of APIs.
Add tech from any non-Wix company to their sites, expanding Wix’s push towards “open platform.”
Challenge
API keys can expose users to serious data breaches if used wrong. We needed to tell users about those risks while encouraging them to use the product.
Solution
Mention each risk at the right moment using simple language.
We encouraged users to only share keys with “trusted team members” in the flow’s first sub-header.
These API keys carried another security risk: each granted access to all of the user’s sites.
Instead of front-loading the flow with warnings, we mentioned this on the Generate page where it’s most relevant.
We also used the phrase “keep in mind” instead of “warning.”. It’s attention-grabbing without being alarmist.
Finally, we suggested a way to limit their exposure.
As extra protection, users were only shown their generated key once.
Here, we remind users about the risks and remind them to keep the key safe.
Not having the option to view a key again might be frustrating.
Here, we remind users that this increases security and suggest two helpful alternatives: duplicating or rotating their keys.