Get help on Discord

I have documents being created via the HTTP API, but when I go to query these documents on the front-end of my app, it's not returning any results.

15 replies
Last updated: Oct 28, 2020
hey all, I'm running into a really odd issue. I have documents being created via the 
HTTP API
, but when I go to query these documents on the front-end of my app, it's not returning any results. My dataset is public, I used a token when creating the documents, but I'm not using a token on the front-end (for security purposes). The moment I add a token to my front-end sanity client, it works fine. Is there some kind of limitation where documents created with tokens are somehow private?
I'm able to retrieve other documents on my front-end that were manually created through the studio and NOT through the 
HTTP API
, so I'm super confused here.
user Y
maybe you can shed some light on this?
AI Update

Ah, I think I know what's happening here! This is almost certainly a draft vs. published document issue.

When you create documents via the HTTP API, they're typically created as draft documents by default (with an _id prefixed by drafts.). The key thing to understand is that draft documents are not visible to unauthenticated queries on public datasets.

Here's what's happening:

  1. Your HTTP API creates documents with IDs like drafts.some-document-id
  2. Your frontend queries without a token can only see published documents (IDs without the drafts. prefix)
  3. When you add a token to your frontend client, it authenticates and can now see draft documents
  4. Documents created manually in Studio work fine because Studio automatically publishes them (creating both the draft AND the published version)

The Solution

You have two options:

Option 1: Publish the documents when creating them via API

Create the published document directly (without the drafts. prefix):

// Create the published document (no drafts. prefix)
await client.create({
  _id: 'some-document-id', // No drafts. prefix
  _type: 'yourType',
  // ... your fields
})

Or if you're creating drafts first, publish them by creating the non-draft version:

// First create draft
await client.create({
  _id: 'drafts.some-document-id',
  // ... your data
})

// Then "publish" by creating without drafts. prefix
await client.create({
  _id: 'some-document-id', // Remove drafts. prefix
  // ... same data
})

Option 2: Use the previewDrafts perspective on your frontend

If you need to see drafts on the frontend (for preview purposes), you can configure your client with the previewDrafts perspective, but this requires authentication:

const client = createClient({
  // ... config
  perspective: 'previewDrafts',
  token: process.env.SANITY_API_TOKEN, // Required for drafts
  useCdn: false // Can't use CDN with drafts
})

Since you mentioned security concerns about tokens on the frontend, Option 1 is probably what you want - just create published documents directly via the API by omitting the drafts. prefix from your document IDs.

The draft documents documentation explains this behavior in detail - drafts are essentially "private" until published, which is why they require authentication to query.

Show original thread
15 replies
You might have stumbled into https://www.sanity.io/docs/ids ? are you generating the id on those docs yourself?
yup I am creating the ids myself!
I think I'm seeing the issue...
I'm doing this structure for ID's:
product.xxxxxx
You might have stumbled into https://www.sanity.io/docs/ids ? are you generating the id on those docs yourself?
user Y
sounds like that last 
gotcha
about "fixed access control" is the issue I'm experiencing?
What kind of alternatives do I have? Is it better to just avoid using the 
.
here (I don't really need the grouping, was just trying to ensure the IDs here were sure to be different since the 
xxxx
is coming from a 3rd-party)
yup!
so maybe just doing 
productxxxxxxx
instead?
use a
 maybe?
product-xxx
ahh
ok let me try that, thank you!!
user Y
that was the culprit, all good now! 🙌

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?