Understanding the security of project data in Sanity.io.

2 replies
Last updated: Jul 4, 2023
Hello everyone,
I have a question regarding the security of my Sanity project data. I was wondering if there is a way to prevent unauthorized access to my data through the Project ID. I noticed that when I replace the Project ID in the Query URL (generated from the Vision Tool in Sanity Studio) with the Project ID from my other Sanity project, I am able to view the data. However, when I tried using a random Project ID I found online, I couldn't access their data (No result shown, just blank array). I'm curious to understand why this is the case.

This is a very beginner question, but I would appreciate any clarification. Thank you!
Jul 3, 2023, 6:44 PM
Hi user D. It’s a good question. A dataset that’s public can be queried without authentication, meaning that any documents on a non-root path (i.e., without a period in the _id) are publicly viewable. Documents that are on a non-root path, which includes drafts, are not visible without authentication.
If you’d like to hide all documents from a query, you can make your dataset private in Manage, though note that all queries would then require authentication (i.e., a token).
Jul 3, 2023, 6:49 PM
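The visibility rule in the reply above can be checked against a dump of your own documents. This is an added example, not part of the original thread and not Sanity's code. It assumes a newline-delimited JSON dump with _id and _type fields, and it applies the rule exactly as the reply's parenthetical states it (no period in the _id means readable without a token on a public dataset); the sample documents and function names are constructed.

```python
import json
from collections import Counter

# Constructed sample: one JSON document per line, standing in for a dump of your own dataset.
SAMPLE_EXPORT = """\
{"_id": "a1b2c3", "_type": "post", "title": "Launch notes"}
{"_id": "drafts.a1b2c3", "_type": "post", "title": "Launch notes (edit in progress)"}
{"_id": "d4e5f6", "_type": "customer", "email": "jane@example.com"}
{"_id": "secrets.mailer", "_type": "apiConfig", "key": "PLACEHOLDER"}

{"_id": "g7h8i9", "_type": "post", "title": "Roadmap"}
"""


def is_publicly_readable(doc_id, dataset_is_public=True):
    """Rule as stated in the reply: on a public dataset, an _id with no period needs no token."""
    return dataset_is_public and "." not in doc_id


def audit_export(ndjson_text, dataset_is_public=True):
    """Return (count of token-free readable documents per _type, ids that require a token)."""
    exposed = Counter()
    token_required = []
    for line_no, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines in the dump
        doc = json.loads(line)
        doc_id = doc.get("_id")
        if not isinstance(doc_id, str):
            raise ValueError(f"line {line_no}: document has no string _id")
        if is_publicly_readable(doc_id, dataset_is_public):
            exposed[doc.get("_type", "<untyped>")] += 1
        else:
            token_required.append(doc_id)
    return dict(exposed), token_required


if __name__ == "__main__":
    for public in (True, False):
        exposed, hidden = audit_export(SAMPLE_EXPORT, dataset_is_public=public)
        label = "public" if public else "private"
        print(f"{label} dataset: readable without a token, by type: {exposed}")
        print(f"{label} dataset: token required for: {hidden}")
```

In the sample, the customer document is readable without a token on a public dataset, which is the kind of finding that argues for making the dataset private in Manage.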
Got it, thank you!
Jul 4, 2023, 8:48 AM
