Understanding private datasets and read tokens in Sanity.io

Hey Fam!I am quite new to Sanity and I have a question about the private dataset / read token!

So for me I think it would be the best to have the datasets private since I don’t want anybody who has the api url be able to fetch data.
I already made the dataset private and added a read token to my queries so I can fetch the data.

• But with the read token also the drafts are returned also on the deployed version of the app (which I don’t want)
Is there a way / setting so that the dataset can be private and does not return drafts?

Maybe I also have some misunderstanding here.. :D

would be great if anybody could help me to understand this better!

Thank you in advance and have a great weekend already!

👋 Using a token gets you access to all documents, including those that are on a non-root path (like a draft). Here’s an explanation that should help make this a bit clearer.

❤️ thank you!