Get help on Discord

Fetching drafts with previewDrafts perspective returns empty array

14 replies
Last updated: Feb 5, 2024
Hey all,
I have an issue with fetching drafts from Sanity, here is my code, it's pretty basic:

const clientConfig: ClientConfig = {
	dataset,
	projectId,
	apiVersion,
	useCdn: false,
	perspective: "previewDrafts",
};

const client = createClient(clientConfig);

const query = `*[ (_id in path('drafts.**')) ]`;

const data = await client.fetch(query);
I'm trying to get all drafts, if I run the same query inside Vision inside the Sanity studio, it does return 1 document. If I change the query to return non-drafts (e.g. *[]), the code also works fine, it's just drafts that it doesn't want to return (it returns an empty array, no errors). Could it be some permissions or set up issue?
AI Update

Hey! I can see what's happening here. The issue is actually related to authentication requirements for accessing documents with dots in their _id, which includes drafts.

According to Sanity's documentation on IDs and Paths, there's an important security rule:

Any document ID containing a dot (.) can only be accessed when authenticated. This includes all draft documents since they have IDs like drafts.your-document-id.

From the docs:

"All documents that contain a . in their _id can only be accessed when a user is logged in or a valid authentication token is provided for client and HTTP API calls (minimum read permission required)."

The Solution

You need to add an API token to your client configuration. Here's how to fix it:

  1. Create an API token in your Sanity project:

    • Go to manage.sanity.io or run npx sanity@latest manage
    • Navigate to API settings
    • Create a token with at least "Viewer" permissions

  2. Update your client configuration to include the token:

const clientConfig: ClientConfig = {
  dataset,
  projectId,
  apiVersion,
  useCdn: false,
  perspective: "previewDrafts",
  token: process.env.SANITY_API_TOKEN, // Add this line
};

const client = createClient(clientConfig);
const query = `*[(_id in path('drafts.**'))]`;
const data = await client.fetch(query);
  1. Store your token securely in environment variables (never commit it to your codebase).

Why Vision Works But Your Code Doesn't

The Vision plugin in Sanity Studio works because you're already authenticated when logged into the Studio. Your external code, however, needs explicit authentication via a token to access any documents with dots in their IDs.

Additional Notes

  • The previewDrafts perspective also requires authentication to work properly
  • The root path (published documents without dots) is publicly accessible, which is why your *[] query works fine
  • Make sure your token has appropriate read permissions for the dataset you're querying

This is a security feature to prevent unauthorized access to draft content and other internal documents.

Show original thread
14 replies
That kinda sounds like the client isnt authenticated 🤔 Since that is the only reason it shouldnt return any documents for draft-queries, but it works correctly for other queries: https://www.sanity.io/docs/ids#:~:text=The%20default%2C%20fixed,on%20your%20plan .
Ie, all documents with 
.
in the 
_id
need to be gotten by a authenticated client.
How do I authenticate the client? I tried adding an API token in the client config, but it didn't make a difference
Oh, the 
perspective: previewDrafts
actually fetches how any given document would look if its drafts were publisdeh and it would be returned by a given query. Ie, it merges the draft-version into a specific 
_id
and stops using the 
drafts.*
prefix: https://www.sanity.io/docs/js-client#previewdrafts
Ie, since youre searching for “give me all drafts” in a mode that says “no draft exists, they are all published” you get 0 results.
Authenticating a client should be as simple as setting 
token: TOKEN
but in this case that isnt the problem, but it will be relevant dependent on how you move forward 😄 ( ie, change 
perspective
to something normal and continue using 
_id in paths
or change your query to just get the documents you want drafts for with 
previewDrafts
enabled )
Hmm, I tried every combination of perspective (published, raw, no perspective option), with or without an API token, still returning empty
The docs seem to say this about the token:
  // token: process.env.SANITY_SECRET_TOKEN // Only if you want to update content with the client

Any document with a 
.
in its 
_id
will need to be authenticated to be queried ( per the gotcha here, and painful experience: https://www.sanity.io/docs/ids#:~:text=The%20default%2C%20fixed,on%20your%20plan . ) . To verify if you have successfully authenticated with your client you can:• run
client.config() after configuring and verifying the token is in the returned configuration-object• run a “normal” query which should return something against a private dataset, with and without token, thus verifying your authentication is correct, if the results are different with and without token
This might be the wrong path, the error might be something else. But if you get the result you want from vision and not from your client, authentication-problems are what my intuition tells me is the problem 😄
Thanks, will try debugging config and see if I find any issues
Turns out the token wasn't the correct one, once I replaced it, it works!
Thanks for the help
user C

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?