Website
Messaging

Add a Ticket Center to Your Wix Site

Embed the Helpdesky Ticket Center for Wix Members using Velo backend code and HMAC. Requires a paid Wix plan with Velo.

Authors: Helpdesky

Adding a Ticket Center to Wix gives your signed in users a full support portal: open conversations, view history, and reply, all without leaving your app. This guide assumes you already have authentication in place.

The Ticket Center uses HMAC SHA256 authentication. Your server signs the user's email with a secret, the embed sends the signature, and Helpdesky verifies both before rendering. For the underlying concepts, read the Ticket Center Setup Guide. Below is the Wix specific path.

Ticket Center vs Contact Form: the Ticket Center is for signed in users. If you only need anonymous visitors to send a message, use a Contact Form instead. Plan note: This guide requires Velo (Wix's developer mode) and Wix Members to be enabled. Velo is free to turn on but the published site must be on a paid Wix plan to call backend code.

Set Up Your Helpdesk

Open the Helpdesky dashboard and go to Ticket Center in the sidebar. From this page you will need:

  • Your Helpdesk ID, visible in the embed snippet at the top
  • The Verification Tool further down, used later to confirm your HMAC matches

Generate Your HMAC Secret

On the Ticket Center page, click Generate HMAC Secret and copy it immediately. Helpdesky never shows it a second time.

In the Velo sidebar, go to Secrets Manager (under Settings) and add:

  • HELPDESKY_HMAC_SECRET — the secret you just copied
  • HELPDESKY_HELPDESK_ID — the ID from the embed snippet

Wix's Secrets Manager keeps these on the server. They are only accessible from backend/ files, not from page code.

The secret must stay server side. Never expose it to the browser, embed it in client side bundles, or commit it to a public repo.

Compute the HMAC in a Backend Web Module

In the Velo sidebar, create a new file under Backend → Code Files named ticket-center.web.js:

import { Permissions, webMethod } from "wix-web-module";
import { currentMember } from "wix-members-backend";
import { getSecret } from "wix-secrets-backend";
import { createHmac } from "node:crypto";

export const getTicketCenterToken = webMethod(
  Permissions.SiteMember,
  async () => {
    const member = await currentMember.getMember();
    const email = member.loginEmail;

    const secret = await getSecret("HELPDESKY_HMAC_SECRET");
    const helpdeskId = await getSecret("HELPDESKY_HELPDESK_ID");

    const signature = createHmac("sha256", secret)
      .update(email)
      .digest("hex");

    return { email, signature, helpdeskId };
  }
);

The Permissions.SiteMember setting means only signed in members can call this function, which prevents anonymous visitors from harvesting tokens.

Add the Embed Code

On your support page, drag in an Embed Code → Embed HTML element with a placeholder, then add page code that calls the backend and injects the script:

import { getTicketCenterToken } from "backend/ticket-center.web";

$w.onReady(async () => {
  const t = await getTicketCenterToken();
  $w("#htmlComponent1").src = `
    <div id="hdh-ticket-center"></div>
    <script src="https://helpdesky.io/ticket-center.js"
      data-helpdesk-id="${t.helpdeskId}"
      data-email="${t.email}"
      data-signature="${t.signature}"></script>
  `;
});

Replace #htmlComponent1 with the actual ID of the Embed HTML element on your page.

Test It

Publish your Wix site, sign in as a member, and open the support page. The Ticket Center should render with that member's conversations.

If you see an authentication error, log the email and signature inside the backend function (Velo's logs are visible under Site Monitoring), then paste them into the Verification Tool in the Helpdesky dashboard.

Common issues:

  • Signature mismatch. Wix's loginEmail field is what you should sign. Other email fields on the member object may differ.
  • Empty panel. The Embed HTML element does not auto resize. Stretch it tall enough that the Ticket Center has room to render.
  • Function returns null on visitors. That is correct: the Permissions.SiteMember guard rejects anonymous calls. Make sure your support page is restricted to members.

Next Steps

Add a public Contact Form on your marketing pages for visitors who are not signed in. Route inbound support email into the same inbox with the Email Forwarding Setup Guide.

Last updated on May 2, 2026