    Security

    Learn how to keep your data safe, access it securely, and set up fine-grained access control for your content.

    Browser security & CORS

    Security best practices for using access tokens when interacting with the API.

    Access Your Data (CORS)

    Decide which domains may access your project data.

    Access Control

    Specifying who can access your data.

    Third-Party Login (SSO)

    Describes integration with third-party authentication systems.

    Keeping your data safe

    Best practices for access token security.

    Technical limits

    A list of data store limits.