Cannot populate content types from plugin with "Custom" API token?

System Information
  • Strapi Version: v4.8.1
  • Operating System: Debian
  • Database: SQLite
  • Node Version: 18
  • Yarn Version: 3.5.0


I’m writing a Strapi plugin that adds a content type (say, I also have a content type (say, with a one-to-one relation field (say, fooBar) to

If I use an API token with “Full Access” or “Read-only” token type, with the ?populate=fooBar query, I can get the entries of with the associated entry in the fooBar field. However, if I use an API token with “Custom” token type, which permits read access (find and findOne) to, the ?populate=fooBar query does not work and the response is missing the fooBar field.

My guess is that it needs an explicit permission to get entries when I’m using “Custom” token type, but it does not appear in the permission settings.

How can I fix this? Thanks in advance!

1 Like

You need to enable find permission in users-permissions I think

Users & Permissions Plugin > Roles > Authenticated does not recognize either.

It seems that API and Role permissions only recognize content types with routes. It seems fair that the permissions for cannot be configured because it does not have the associated routes, but then I’m starting to wonder why it allows population with Full Access and Read-only API tokens in the first place. Why is it possible for these types of API tokens to populate it despite there are no routes for it?

1 Like

find needs to be enabled as a protection of populating stuff while you should not be allowed to I agree with your opinion that this should be done diffrently