SvelteKit fetch with SanityClient without losing credentials
fetchfunction used by
SanityClientwithout loosing the credentials? I'm using sveltekit which come with its own implementation of
fetchfor use in load functions (a specific function that runs before the page is rendered). Will I lose my credentials if I do
sanity.fetch = fetch, having that sveltkit
fetchavailable in the current context?
Great question! The short answer is: no, you won't lose your credentials by passing SvelteKit's fetch to the Sanity client, but there's a better approach that's recommended.
When you do sanity.fetch = fetch or use SvelteKit's fetch directly with the Sanity client, you're actually enhancing the functionality rather than breaking it. SvelteKit's special fetch implementation (available in load functions) provides benefits like:
- Automatic cookie forwarding
- Request deduplication during SSR
- Proper tracking of dependencies
Your Sanity credentials (API tokens, project ID, dataset) are typically passed through headers or configuration options, not embedded in the fetch function itself. So swapping the fetch implementation won't strip those credentials away.
The Recommended Pattern
However, based on Sanity's documentation, the better approach is to create a SvelteKit endpoint that wraps your Sanity client calls. Here's why:
- Security: Load functions run on both client and server. If you're using authenticated/credentialed requests (like with a read token for private data), you don't want those credentials exposed to the client
- Better architecture: Keeps your API tokens server-side only
- Cleaner code: With modern SvelteKit, you can use the endpoint pattern where files like
+page.server.jsautomatically provide data to their corresponding+page.svelte
Implementation Example
Instead of using the Sanity client directly in your load function:
// +page.server.js
import { client } from '$lib/sanity'
export async function load({ fetch }) {
// This works but exposes credentials if you're using tokens
const data = await client.fetch(query)
return { data }
}Create an endpoint and use SvelteKit's fetch:
// +page.server.js
export async function load({ fetch }) {
const response = await fetch('/api/content')
const data = await response.json()
return { data }
}
// routes/api/content/+server.js
import { client } from '$lib/sanity'
import { json } from '@sveltejs/kit'
export async function GET() {
const data = await client.fetch(query)
return json(data)
}With newer SvelteKit versions, if your endpoint has the same filename as your page (minus the extension), the page automatically gets props from the endpoint without you needing to explicitly fetch.
When Direct Usage is Fine
If you're only querying public data (no read tokens, using the public API), then directly passing SvelteKit's fetch to your Sanity client is perfectly safe:
import { createClient } from '@sanity/client'
export async function load({ fetch }) {
const client = createClient({
projectId: 'your-project',
dataset: 'production',
apiVersion: '2023-05-03',
useCdn: true,
fetch // SvelteKit's fetch
})
const data = await client.fetch(query)
return { data }
}Your credentials (project ID, dataset) are still intact—you're just giving the client a different fetch implementation to use under the hood.
Show original thread5 replies
Was this answer helpful?
Sanity – Build the way you think, not the way your CMS thinks
Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.
