
Hi all, one quick question. The "robot user token" with write access should never be used in frontend bundle (like gatsby). Only correct way to use the write token is to...

3 replies
Last updated: Sep 14, 2020
Hi all, one quick question. The "robot user token" with write access should never be used in a frontend bundle (like Gatsby). The only correct way to use the write token is to implement an API endpoint and hide the token behind that API. Client code invokes the API, and then the API uses the write token to make modifications in Sanity... Is my understanding correct?
Or is there some other safe way to use write tokens in "front-end-client-only" implementations?
Sep 14, 2020, 7:22 AM
I’ve put the token in an ENV variable, and written a server side serverless function that accepts form input, does sanitization, error checking, etc, and then writes to Sanity.
Sep 14, 2020, 8:16 AM
AFAIK this is completely correct! Any code on your frontend runs in the client so there’s no way to secure a token to my knowledge that couldn’t be retrieved by any third-party visiting the website.
A little serverless function makes it fairly painless.
Sep 14, 2020, 8:17 AM
Got it. Thanks guys
Sep 14, 2020, 9:49 AM
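
The pattern discussed in this thread, as an added example (not code posted by any participant or by Sanity): a serverless handler that validates form input and only then calls Sanity's HTTP mutate endpoint with a write token read from the server environment. The environment variable names, the `contactMessage` document type, the field limits and the API version date are assumptions.

```javascript
// Added example: the write token lives only in the server environment.
// Assumed names: SANITY_PROJECT_ID, SANITY_DATASET, SANITY_WRITE_TOKEN, "contactMessage".
const MAX_LEN = { name: 100, email: 254, message: 2000 };

// Validate untrusted form input. Only the whitelisted fields are copied, so a
// caller cannot set _id, _type or any other attribute of the stored document.
function validateSubmission(input) {
  const errors = [];
  const doc = { _type: "contactMessage" };
  for (const [field, max] of Object.entries(MAX_LEN)) {
    const value = input && typeof input[field] === "string" ? input[field].trim() : "";
    if (!value) errors.push(`${field} is required`);
    else if (value.length > max) errors.push(`${field} is too long`);
    else doc[field] = value;
  }
  if (doc.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(doc.email)) {
    errors.push("email is invalid");
  }
  return { ok: errors.length === 0, errors, doc };
}

// The browser sends form fields only; the token never appears in a response.
async function handleSubmission(body, env = process.env, fetchImpl = globalThis.fetch) {
  const { ok, errors, doc } = validateSubmission(body);
  if (!ok) return { statusCode: 400, body: JSON.stringify({ errors }) };
  const url = `https://${env.SANITY_PROJECT_ID}.api.sanity.io/v2021-06-07/data/mutate/${env.SANITY_DATASET}`;
  const res = await fetchImpl(url, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${env.SANITY_WRITE_TOKEN}`,
    },
    body: JSON.stringify({ mutations: [{ create: doc }] }),
  });
  // Return a generic result rather than echoing the upstream response.
  return res.ok
    ? { statusCode: 201, body: JSON.stringify({ ok: true }) }
    : { statusCode: 502, body: JSON.stringify({ errors: ["could not save submission"] }) };
}
```

Because the endpoint itself is public, the validation and the fixed `_type` are what limit what an anonymous caller can write with the token's privileges.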
