Structured Content 2022: Join our conference to explore fresh perspectives on content and digital experiences →

Sanity client: CDN + authorization token

As detailed in the API CDN documentation, requests that include an authorization token cannot be cached. When you configure the Sanity client with a token and perform a query, we automatically route your request to the live API instead of the API CDN. Since this is probably not what you want, you will usually want to set the setCdn option to false, or remove the token.

Here are a couple of recipes to help you decide the right course of action:

Query a private dataset

If you include a token in a so called "single page application" which is public facing, your data is, in principle, already public. In this case, setting the dataset as private doesn't necessarily make sense. If, on the other hand, you actually want your data to be private - make sure that your application do not publicly disclose the token, and set the useCdn setting to false, since it will never use the API CDN anyway.

Do queries and mutations with the same client

In this case, instantiate two clients instead of one. One for write operations, and one for queries:

import sanityClient from '@sanity/client'

export const writeClient = sanityClient({
  projectId: 'some-project-id',
  dataset: 'my-dataset',
  token: process.env.SANITY_AUTH_TOKEN,
  useCdn: false

export const readClient = sanityClient({
  projectId: 'some-project-id',
  dataset: 'my-dataset',
  useCdn: true

Was this article helpful?