Get help on Discord

Issue with authorization token causing "Session does not match project host" error during GROQ request in Next.js build.

12 replies
Last updated: Jan 12, 2021
Hej,
I’ve made a dataset private and created a token. I worked once, the second time around i’m getting this for my requests:


    body: {
      message: 'Session does not match project host',
      statusCode: 401,
      error: 'Unauthorized'
    },
What does that mean?
AI Update

This error typically means there's a mismatch between the project ID configured in your client and the project where your authentication token was created. The "session" refers to your authenticated request, and "project host" refers to the Sanity project you're trying to access.

Here are the most common causes and solutions:

Check Your Project ID

The most likely issue is that your client configuration is pointing to a different project than the one where you created the token. Verify that:

  1. Your token was created for the correct project - Check in Sanity Manage under the API tab
  2. Your client configuration uses the matching project ID - Look at your sanity.config.ts or wherever you initialize your Sanity client:
const client = createClient({
  projectId: 'your-project-id', // Must match the token's project
  dataset: 'your-dataset',
  token: process.env.SANITY_API_TOKEN,
  useCdn: false
})

Common Scenarios That Cause This

  • Multiple projects: You created the token in Project A but your code is configured for Project B
  • Copy-pasted configuration: You copied config from another project but forgot to update the project ID
  • Environment variables: Your .env file has the token from one project but the project ID from another

Quick Fix

  1. Go to Sanity Manage
  2. Confirm which project your token belongs to (check the URL and project name)
  3. Copy the correct project ID from the project settings
  4. Update your client configuration to use that exact project ID
  5. Ensure your dataset name also matches

If you're working with multiple Sanity projects, it's helpful to store both the project ID and token together in your environment variables to keep them paired correctly:

SANITY_PROJECT_ID=abc123
SANITY_DATASET=production
SANITY_API_TOKEN=sk...

This way, you can be sure they're always in sync! Since it worked once and then failed, double-check if you recently switched projects or updated any configuration files.

(normal http groq request btw)
• creating a new token does not fix it• setting the dataset to public again does not fix it (as long as you’re still sending a token)
(I need auth to access non-root-path-docs )
Hi User. How are you sending the GROQ request? Is the authorization token being sent along?
Hi User,It’s during next.js build using 
@sanity/client
.Pretty sure the token is being sent along (works with public and no token).

.env

STUDIO_TOKEN=skLRHxVmhBpirP0…notmyrealtoken…ggdOQdendi
client.js

export const sanityConfig = {
  projectId:
    process.env.NEXT_PUBLIC_STUDIO_PROJECT_ID ||
    process.env.SANITY_STUDIO_API_PROJECT_ID,
  dataset:
    process.env.NEXT_PUBLIC_STUDIO_DATASET ||
    process.env.SANITY_STUDIO_API_DATASET ||
    'production',
  token: process.env.STUDIO_TOKEN,
  useCdn: process.env.NODE_ENV === 'production',
};

const client = sanityClient(sanityConfig);

export default client;
If you open your query in your browser (e.g., 
<https://abc.api.sanity.io/v1/data/query/production?query=*>
), do you get something back (i.e., all the public paths)?
Hi User - have you verified that your build environment variables are correctly set up? If you host on a platform like Netlify or Vercel, these are not normally pulled from 
.env
files anymore but require additional config.
On Vercel:
https://vercel.com/docs/environment-variables On Netlify:
https://docs.netlify.com/configure-builds/environment-variables/
Also, just to rule this out, are you sure the token you added belongs to the correct project? Sometimes that exact error message means you've used a different project's token.
faceplam
Gosh darnit 😄I feel so stupid now. You’re exactly right, i just added the token to the wrong project.

🦥

Thx
user M
and
user A
faceplam
Gosh darnit 😄I feel so stupid now. You’re exactly right, i just added the token to the wrong project.

🦥

Thx
user M
and
user A

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?