Where to put tokens for private datasets in Sanity.io
7 replies
Last updated: Feb 17, 2021
D
Can anyone point me in the direction of where tokens go for private datasets please?
Feb 17, 2021, 2:14 PM
T
Can you clarify what you mean by "where tokens go"? Do you mean safely storing them for use, how you generate them or how you use them?
Feb 17, 2021, 2:25 PM
D
Sorry, I should have explained better.
I have a private dataset and I have generated a token already and have that saved. I don’t know where I have to put this token in order for the frontend to read from sanity / studio.
I basically get “nothing was found from siteSettings” because the token has not been added and thus allowing localhost to read the data.
Does that make sense?
Feb 17, 2021, 2:49 PM
T
No worries 🙂
You need to give the token to the client you are using to communicate with Sanity. I.e.: for the JavaScript client you must pass it to the creator function as described here using the token property: https://www.sanity.io/docs/js-client#api
If you are using Gatsby or some other framework there may be other locations (e.g.: https://www.sanity.io/docs/gatsby-source-plugin#install).
Note that you may want to avoid passing the token to the front-end directly as it will be easily readable by anyone who visits your page. For such cases I've been using a proxy server that exposes only certain endpoints. It then translates these into GROQ queries and uses its own client with the token to make requests. It's a bit more complex to set up, but you avoid sharing your token with the world.
e.g.: Front-end -> GET myproxy.com/posts -> Proxy GROQ -> Sanity
Feb 17, 2021, 2:56 PM
J
Feb 17, 2021, 2:58 PM
D
Awesome, thanks for those. I will read through them and try to get it all wired up!
Feb 17, 2021, 3:11 PM
G
Hi User. If you haven’t seen this already, please also check out https://www.sanity.io/docs/http-auth#securing-your-api-token-504058b73b71 .
Also, thank you for providing some great links, user H.
Feb 17, 2021, 4:29 PM
D
All sorted now thank you, the answer was staring me in the face this whole time 😂
Feb 17, 2021, 4:54 PM