Token missing update permission despite no option in Sanity API settings

1 replyLast updated: Nov 30, 2025

Hi is anyone else getting this error with their tokens. On all of the other forms I've read people are saying that I need to get a new token but none of the tokens listed in the sanity api have update listed as a permission

AI Update

I understand your frustration! This is actually a common point of confusion about how Sanity API tokens work. The key thing to understand is that tokens don't have permissions listed directly on them - instead, they inherit permissions from the role assigned to the token.

When you see errors mentioning "update" permission, it means your token is assigned a role that doesn't include write permissions (like "Viewer" which is read-only). Here's how to fix this:

The Solution

Go to Sanity Manage (or run npx sanity@latest manage from your project)
Navigate to the API tab
Create a new token and assign it the "Editor" role (or another role with write permissions)
Replace your old token with this new one in your environment variables

Understanding Token Permissions

As explained in the API tokens documentation, tokens work like this:

Viewer role = read-only access (no create/update/delete)
Editor role = full read and write access
Custom roles = whatever permissions you've configured

The confusing part is that when you look at the token in Manage, you won't see a checkbox list of permissions like "read", "update", "delete" - you just see the role name. The permissions are defined by that role.

Important Security Note

If you need write access (update/create/delete), make sure you're using this token only on the server-side or in Sanity Functions, never in client-side/frontend code. Write tokens should be kept in environment variables and never exposed to browsers.

If you're still seeing issues after creating an Editor token, double-check that:

You're using the new token (not the old one)
Your environment variables are properly loaded
You've restarted your dev server after updating the token

Hope this clears things up!

Show original thread

1 reply

Was this answer helpful?

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Related contributions

Auto-generate alt text for Media Library assets

FeaturedOfficial

Automatically generate accessible, multilingual alt text for images in your Sanity Media Library using Agent Actions and Sanity Functions

Bram Doppen

First Published Timestamp Function

FeaturedOfficial

Automatically track when content was first published with a timestamp that sets once and never overwrites, providing reliable publication history for analytics and editorial workflows.

Knut Melvær

Automatically tag blog posts

FeaturedOfficial

AI-powered automatic tagging for Sanity blog posts that analyzes content to generate 3 relevant tags, maintaining consistency by reusing existing tags from your content library.

Ken Jones Pizza and 1 other

The Solution

Understanding Token Permissions

Important Security Note

Was this answer helpful?

Sanity – Build the way you think, not the way your CMS thinks

Related answers

Fuzzy search on emails with @ symbol - escape character needed?

Team member not receiving Sanity project invitation emails

Creating custom Sanity Dashboard Widget: "Not found" error troubleshooting

How to add a word counter to a content block in Sanity?

Can images be imported to Sanity without referencing them in documents?

How to get alt text from Sanity Media Plugin using GROQ?

Challenge adding team member to Sanity project, invitation email not received

Error setting up custom desk structure with Structure Builder

How to patch Sanity draft documents when syncing from external API?

Related contributions