Custom API Endpoint Authed Access

I’ve created an custom api endpoint and everything appears to be up and working as expected atm when I set the route config: {auth: false}. However, when attempting to secure the route I’m getting a 401.

routes: test-auth-api.js

module.exports = {
  routes: [
     method: 'GET',
     path: '/test-auth-api',
     handler: 'test-auth-api.exampleAction',
     config: {
       // auth: false,
       auth: {
         strategies: ["jwt"],
       policies: [],
       middlewares: [],

controllers: test-auth-api.js

module.exports = {
  exampleAction: async (ctx, next) => {
    try {
      ctx.body = 'ok';
    } catch (err) {
      ctx.body = err;

I’ve made sure to also allow the role access to this endpoint as well (as seen in the uploaded screenshot).

What might I be doing wrong or not have set in order for me to secure this down to the role that the user is logged in as?

Thanks in advance. Been banging my head on this for a bit.

This topic has been created from a Discord post (1240428081651515483) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

For authenticated end-points, you will need to include the JWT token in the request header(Authorization header aka bearer token).

I am including it when making the requets as Authorization Bearer TOKEN

And meant to include this is on Strapi 4.22.1

and to be clear the request being made is

curl --location 'http://localhost:1337/api/test-auth-api' --header 'Authorization: Bearer [JWT_TOKEN]'