✨Discover storytelling in the AI age with Pixar's Matthew Luhn at Sanity Connect, May 8th—register now

How to securely send requests to Sanity in a Next.js app using API routes.

3 replies
Last updated: Sep 29, 2023
hello, I am working on nextjs+ embeded Sanity. I came across a problem. I have a Review component. On button click I want to send a request to sanity to create new review document. And here is the issue. I can only send a request if token is added directly to the client. If I add token to my .env file I get error that I don't have permission. Any ideas what to do in this case? I use Nextjs with app directory
Sep 29, 2023, 12:27 PM
Hey
user U
. The Sanity client can freely read information, but you need an API key to perform writes. That being said, you should not expose security-sensitive API keys to the client. The correct route in your case would be to use a Next API route , having your write key as a non-public environment variable (i.e. not starting with
NEXT_PUBLIC_
). You would then call your own API route to achieve the behaviour you want
Sep 29, 2023, 12:58 PM
I see, Thank you for your answer!
Sep 29, 2023, 1:02 PM
Sure thing. Let me know if you need any further help
Sep 29, 2023, 1:04 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?