Get help on Discord

Sanity editor token "Insufficient permissions" error on asset upload

43 replies
Last updated: Nov 29, 2025
Hey all, Ive set up an editor token for my Nextjs app but I'm getting 
Upload failed: the mutation(s) failed: Insufficient permissions; permission "create" required
when trying to upload a file to 
client.assets
AI Update

This is a common permission issue! When you create an Editor token in Sanity, it might not have the specific permissions needed for asset operations. Here's what's happening and how to fix it:

The Problem

The error Insufficient permissions; permission "create" required when using client.assets.upload() means your token doesn't have the necessary permissions to create assets in your project, even though it's labeled as an "Editor" token.

The Solution

You need to ensure your token has a role with asset creation permissions:

  1. Go to Sanity Manage - Access it via your Studio menu or run npx sanity@latest manage in your terminal

  2. Navigate to the API tab and find your token (or create a new one)

  3. Assign a role with asset permissions - The key is to use a role that explicitly includes asset operations. The standard "Editor" role should work, but if you're using custom roles, make sure they include:

    • sanity.assets.create permission
    • sanity.assets.upload permission

  4. Verify you're using a Robot Token (not a Personal Token) for production use, as robot tokens can be assigned specific roles independent of individual users

Check Your Client Configuration

Make sure you're passing the token correctly in your Next.js app:

import {createClient} from '@sanity/client'

const client = createClient({
  projectId: 'your-project-id',
  dataset: 'your-dataset',
  token: process.env.SANITY_API_TOKEN, // Make sure this is set
  useCdn: false, // Must be false for write operations
  apiVersion: '2024-01-01'
})

Important: Never expose write tokens in client-side code! If you're uploading from the browser, implement a serverless function or API route that handles the upload server-side where the token remains secure.

Common Gotchas

  • Custom roles: If your project uses custom roles, verify they include asset permissions in the role definition
  • Dataset restrictions: Some roles might be restricted to specific datasets - ensure your token's role has access to the dataset you're uploading to
  • Token regeneration: If you just created/modified the token, try regenerating it or creating a fresh one
  • useCdn must be false: Asset uploads require useCdn: false in your client configuration

If you're still having issues after checking the role permissions, try creating a completely new robot token with explicit Editor or Administrator permissions to rule out any token-specific issues. You can verify the token's permissions by checking which role it's assigned in the Sanity Manage interface.

Show original thread
43 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?