Sanity mutation failed: Insufficient permissions for create with editor token

The 403 "Insufficient permissions" error you're experiencing is not related to being on the free plan. The free plan does include basic access control - Custom Roles (the Enterprise feature mentioned in the Custom Roles documentation) is only needed for advanced, granular permissions using GROQ filters.

Your issue is likely related to one of these common causes:

1. Token permissions not matching dataset Make sure your API token has Editor permissions specifically for the dataset you're trying to write to. When you create a token, you need to ensure it's granted permissions for the correct dataset (usually "production" by default).

2. Dataset privacy settings If your dataset is set to "private," you need to ensure your token is properly authenticated. Check your Sanity client configuration - it should include your token with write permissions:

const client = sanityClient({
  projectId: 'your-project-id',
  dataset: 'your-dataset',
  token: 'your-token-with-editor-permissions',
  useCdn: false, // Important: CDN doesn't support authenticated requests
  apiVersion: '2024-01-01'
})

3. Token not included in the request In NextAuth examples, make sure the Sanity client being used for mutations actually includes your token. Sometimes the client is instantiated without the token, or a different client instance is used for reads vs writes.

4. CORS settings While this typically gives a different error, verify your CORS origins are configured correctly in your Sanity project settings at sanity.io/manage.

To debug, check:

• Go to sanity.io/manage → your project → API settings
• Verify your token exists and has "Editor" role for the correct dataset
• Confirm the dataset name matches what's in your code
• Make sure useCdn: false in your client configuration when performing mutations

The Editor role on any plan (including free) should absolutely allow document creation, so this is a configuration issue rather than a plan limitation.