Resolving access issues with Sanity's Users API using user tokens
12 replies
Last updated: Jan 17, 2025
A
Hi All,I am using the following API:
This is as per the documentation:
Sanity API Reference .I have created a token with all permissions enabled, but I am still unable to access the Users API.
The API is returning the error:
"Robots are not allowed."
I think I need to create a auth token to access this api
but I am not able to find documentation for it
Could someone please help me with this?
<http://api.sanity.io/vX/access/projects/{projectId}/users|api.sanity.io/vX/access/projects/{projectId}/users>Sanity API Reference .I have created a token with all permissions enabled, but I am still unable to access the Users API.
The API is returning the error:
"Robots are not allowed."
I think I need to create a auth token to access this api
but I am not able to find documentation for it
Could someone please help me with this?
Jan 9, 2025, 10:13 PM
P
are you changing
vXto the actual api version which would be
vyyyy-mm-ddaka
v2025-01-09
Jan 9, 2025, 11:59 PM
P
the auth tokens you create in your dashboard in sanity.io -> project -> api -> tokens.
Jan 10, 2025, 12:08 AM
P
you know what. I just tried this myself and I also cant access the api endpoint. with the same error. I tried all 3 token types and several api versions including
which makes me think that maybe either A this is not public yet or B it requires CORS from an actual domain and not localhost for it to work.
vX,
v2,
v3,
v2025-01-09. and still got the same 403 forbidden error
{"statusCode":403,"error":"Forbidden","message":"Robots are not allowed"}Jan 10, 2025, 12:31 AM
P
also even trying this using the
test requestfeature on this page results in the same error.
Jan 10, 2025, 12:35 AM
That error means the API cannot be authorized with a robot token. It needs the token of a user. I’m not sure why that’s the case, but I looked at the code and it was an intentional choice.
Jan 10, 2025, 12:40 AM
P
hmm maybe its legacy from the CLI? since the cli would have the logged in user token?
Jan 10, 2025, 12:42 AM
No, because this endpoint is new (still in beta).
Jan 10, 2025, 12:43 AM
P
interesting.
Jan 10, 2025, 12:44 AM
Oh, wait. The use of OpenAPI is what’s in beta—not the API itself (though it is new).
Jan 10, 2025, 12:44 AM
P
ok got it working with that knowledge. at first I was like “how are we suppose to get the users secret without building our own auth” but sanity came through with a cli command. with your logged in user you can issue
sanity debug --secretswhich will dump your user token. Now the api works and gets me a list of all users. But I assume this is really for enterprise people who build their own SSO.
Jan 10, 2025, 1:15 AM
A
user M
I did same thing it worked for me aswellbut i think keeping this secrete key in env is not good idea
Jan 10, 2025, 12:26 PM
Hi all. The backend team just pushed a change and you should now be able to use a robot token with the Access API.
Jan 17, 2025, 3:11 PM
Sanity– build remarkable experiences at scale
Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.