Get help on Discord

How to access Sanity Users API - "Robots are not allowed" error with token

12 replies
Last updated: Nov 29, 2025
Hi All,I am using the following API:

<http://api.sanity.io/vX/access/projects/{projectId}/users|api.sanity.io/vX/access/projects/{projectId}/users>
This is as per the documentation:
Sanity API Reference .I have created a token with all permissions enabled, but I am still unable to access the Users API.
The API is returning the error:
"Robots are not allowed."

I think I need to create a auth token to access this api
but I am not able to find documentation for it

Could someone please help me with this?
AI Update

The "Robots are not allowed" error you're encountering with the Sanity Users API has been resolved! Here's what happened and how to fix it:

What Was Happening

The Access API (which includes the Users endpoint at api.sanity.io/vX/access/projects/{projectId}/users) was initially configured to only accept personal user tokens, not robot tokens. This was an intentional restriction when the API was first released.

The Solution

Good news: As of January 17, 2025, the Sanity backend team pushed a change that now allows you to use robot tokens with the Access API.

How to Use It Now

You can now access the Users API with a standard robot token:

  1. Create a robot token in your project's management console:

    • Go to Settings → API → Tokens
    • Click "Add new token"
    • Give it appropriate permissions
    • Copy the token (it's only shown once!)

  2. Use the correct API version - Replace vX with an actual API version like v2025-01-09 (format: vyyyy-mm-dd)

  3. Make your request with the robot token:

curl -H "Authorization: Bearer YOUR_ROBOT_TOKEN" \
  https://YOUR_PROJECT.api.sanity.io/v2025-01-09/access/projects/YOUR_PROJECT_ID/users

Alternative: Personal Token (If Needed)

If for some reason you still need to use a personal token, you can get yours by running:

sanity debug --secrets

Look for the "Auth token" value under "Authentication". However, this is no longer necessary since robot tokens now work with the Access API.

Important Notes

  • Make sure you're using a dated API version (like v2025-01-09), not vX, v2, or v3
  • Robot tokens are the recommended approach for programmatic access
  • Store your tokens securely as environment variables, never commit them to version control
  • The Access API documentation provides full details on available endpoints

About Robot vs Personal Tokens

As explained in the Sanity authentication documentation:

  • Personal tokens are tied to your user account and give complete access as your user. They last for one year (shorter with SAML SSO)
  • Robot tokens are dedicated tokens for applications with specific permissions. They last until deleted and are the recommended approach for programmatic access
  • Not all APIs allow robot tokens, but the Access API now does!

The issue has been resolved at the platform level, so you should now be able to access the Users API with your robot token without any "Robots are not allowed" errors!

Show original thread
12 replies

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?