Sanity ClientError: Unauthorized in Netlify function (production only)
I understand the frustration - "Session not found" errors can be confusing! The good news is this has nothing to do with your CORS configuration.
CORS doesn't apply to serverless functions like Netlify Functions. CORS Origins only control browser-based requests where the browser enforces cross-origin security. Since your Netlify function runs server-side, not in a browser, CORS settings don't affect it at all. You can safely remove that Netlify domain from your CORS origins in manage.sanity.io (Settings > API > CORS Origins) - it's not needed for function-to-Sanity communication.
Common causes of "Session not found" errors with API tokens:
- Token not properly passed to the client - Double-check that your environment variable is correctly set in Netlify's production environment (not just locally). In Netlify's dashboard, go to Site settings > Environment variables and verify SANITY_API_TOKEN exists and matches your token from manage.sanity.io.
- Token permissions - Ensure your API token has the appropriate role assigned. If you're just reading content, a "Viewer" role token should work. For writes, you'll need "Editor" or a custom role with appropriate permissions.
- Token format issues - Make sure you're passing the token exactly as created, with no extra spaces or quotes accidentally included from your environment variable.
Debugging steps:
import {createClient} from '@sanity/client'

const client = createClient({
  projectId: 'your-project-id',
  dataset: 'your-dataset',
  token: process.env.SANITY_API_TOKEN,
  apiVersion: '2024-01-01'
})

// Add logging to verify token is present (but don't log the actual token value!)
console.log('Token exists:', !!process.env.SANITY_API_TOKEN)

Why it works locally but not in production:
The most common reason is that netlify dev uses your local .env file, while production Netlify uses environment variables configured in their dashboard. These are separate configurations that need to be set independently.
Next steps:
- Verify your environment variable is set in Netlify's production environment
- Confirm the token has the right permissions in manage.sanity.io (Settings > API > Tokens)
- Try creating a fresh token if the current one might be corrupted
- Remove the CORS origin configuration since it's not relevant for serverless functions
If you're still stuck after checking these, let us know what the token permissions are set to and whether the environment variable shows up in your Netlify build logs (just the existence, not the value!).
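The presence and format checks described in the answer above can be combined into one log line that never contains the token itself. This is an added example, not part of the original answer or of Sanity's or Netlify's code; `diagnoseToken` and `safeTokenReport` are hypothetical helper names, and the sample values in the comments are constructed.

```javascript
// Inspect the shape of a token environment variable without ever
// returning or logging its value. Helper names are hypothetical.
function diagnoseToken(raw) {
  if (raw === undefined) {
    return { present: false, length: 0, issues: ['not set in this environment'] }
  }
  const issues = []
  if (raw.length === 0) issues.push('set but empty')
  // Whitespace copied in from a dashboard field or .env file
  if (raw !== raw.trim()) issues.push('leading or trailing whitespace')
  if (/[\r\n]/.test(raw)) issues.push('contains a line break')
  const t = raw.trim()
  // Quotes that belonged to .env syntax but ended up inside the value
  if (t.length >= 2 && /^["'`]/.test(t) && t[0] === t[t.length - 1]) {
    issues.push('wrapped in quotes')
  }
  if (/\s/.test(t)) issues.push('whitespace inside the value')
  return { present: true, length: raw.length, issues }
}

// Build a log line that is safe to leave in function logs: it carries
// only presence, length and the list of detected format problems.
function safeTokenReport(env = process.env, name = 'SANITY_API_TOKEN') {
  const d = diagnoseToken(env[name])
  const status = d.issues.length === 0 ? 'ok' : d.issues.join('; ')
  return `${name}: present=${d.present} length=${d.length} status=${status}`
}

// In the Netlify function, before creating the Sanity client:
//   console.log(safeTokenReport())
// Constructed value '"skConstructedToken"\n' would log:
//   SANITY_API_TOKEN: present=true length=21 status=leading or trailing
//   whitespace; contains a line break; wrapped in quotes
```

Comparing the logged length between `netlify dev` and the deployed function shows whether the two environments hold the same value without exposing it.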