✨Discover storytelling in the AI age with Pixar's Matthew Luhn at Sanity Connect, May 8th—register now

Understanding the security of project data in Sanity.io.

2 replies
Last updated: Jul 4, 2023
Hello everyone,
I have a question regarding the security of my Sanity project data. I was wondering if there is a way to prevent unauthorized access to my data through the Project ID. I noticed that when I replace the Project ID in the Query URL (generated from the Vision Tool in Sanity Studio) with the Project ID from my other Sanity project, I am able to view the data. However, when I tried using a random Project ID I found online, I couldn't access their data (No result shown, just blank array). I'm curious to understand why this is the case.

This is a very beginner question, but I would appreciate any clarification. Thank you!
Jul 3, 2023, 6:44 PM
Hi
user D
. It’s a good question. A dataset that’s public can be queried without authentication, meaning that any documents on a non-root path (i.e., without a period in the
_id
) are publicly viewable. Documents that are on a non-root path, which includes drafts, are not visible without authentication.
If you’d like to hide
all documents from a query, you can make your dataset private in Manage , though note that all queries would then require authentication (i.e., a token).
Jul 3, 2023, 6:49 PM
Got it, thank you!
Jul 4, 2023, 8:48 AM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Was this answer helpful?