Fetching drafts with previewDrafts perspective returns empty array
I have an issue with fetching drafts from Sanity, here is my code, it's pretty basic:
const clientConfig: ClientConfig = {
dataset,
projectId,
apiVersion,
useCdn: false,
perspective: "previewDrafts",
};
const client = createClient(clientConfig);
const query = `*[ (_id in path('drafts.**')) ]`;
const data = await client.fetch(query);Hey! I can see what's happening here. The issue is actually related to authentication requirements for accessing documents with dots in their _id, which includes drafts.
According to Sanity's documentation on IDs and Paths, there's an important security rule:
Any document ID containing a dot (.) can only be accessed when authenticated. This includes all draft documents since they have IDs like drafts.your-document-id.
From the docs:
"All documents that contain a
.in their _id can only be accessed when a user is logged in or a valid authentication token is provided for client and HTTP API calls (minimumreadpermission required)."
The Solution
You need to add an API token to your client configuration. Here's how to fix it:
Create an API token in your Sanity project:
- Go to manage.sanity.io or run
npx sanity@latest manage - Navigate to API settings
- Create a token with at least "Viewer" permissions
Update your client configuration to include the token:
const clientConfig: ClientConfig = {
dataset,
projectId,
apiVersion,
useCdn: false,
perspective: "previewDrafts",
token: process.env.SANITY_API_TOKEN, // Add this line
};
const client = createClient(clientConfig);
const query = `*[(_id in path('drafts.**'))]`;
const data = await client.fetch(query);- Store your token securely in environment variables (never commit it to your codebase).
Why Vision Works But Your Code Doesn't
The Vision plugin in Sanity Studio works because you're already authenticated when logged into the Studio. Your external code, however, needs explicit authentication via a token to access any documents with dots in their IDs.
Additional Notes
- The
previewDraftsperspective also requires authentication to work properly - The root path (published documents without dots) is publicly accessible, which is why your
*[]query works fine - Make sure your token has appropriate read permissions for the dataset you're querying
This is a security feature to prevent unauthorized access to draft content and other internal documents.
Show original thread14 replies
Was this answer helpful?
Sanity – Build the way you think, not the way your CMS thinks
Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.
