Error 405 on Strapi request

System Information
  • Strapi Version: 3.6.2
  • Operating System: Windows WSL2 Ubuntu 18.04
  • Database: sqlite3 5.0.0
  • Node Version: 12.18.3
  • NPM Version: 6.14.6
  • Yarn Version: 1.22.5

I’ve tried, but it’s returning an error =/:

UnhandledPromiseRejectionWarning: Error: Request failed with status code 405

The response:

response: {
  status: 405,
  statusText: 'Method Not Allowed',
  headers: {
    vary: 'Origin',
    'strict-transport-security': 'max-age=31536000; includeSubDomains',
    'x-frame-options': 'SAMEORIGIN',
    allow: 'HEAD, GET',
    'x-powered-by': 'Strapi <>',
    'x-response-time': '17ms',
    'content-type': 'text/plain; charset=utf-8',
    'content-length': '18',
    date: 'Mon, 17 May 2021 20:10:04 GMT',
    connection: 'close'
  config: {
    url: 'http://localhost:1337/admin/auth/local',
    method: 'post',
    data: '{"identifier":"MYEMAIL","password":"MYPASSWORD"}',
    headers: [Object],
    transformRequest: [Array],
    transformResponse: [Array],
    timeout: 0,
    adapter: [Function: httpAdapter],
    xsrfCookieName: 'XSRF-TOKEN',
    xsrfHeaderName: 'X-XSRF-TOKEN',
    maxContentLength: -1,
    validateStatus: [Function: validateStatus]

You need to send the request as application/json not text/plain

1 Like

Hi, thanks for your reply. But this content-type it’s of the response, not the request. The request is like below:
_header: ‘POST /admin/auth/login HTTP/1.1\r\n’ +
‘Accept: application/json, text/plain, /\r\n’ +
‘Content-Type: application/json;charset=utf-8\r\n’ +
‘User-Agent: axios/0.19.2\r\n’ +
‘Content-Length: 64\r\n’ +
‘Host: localhost:1337\r\n’ +
‘Connection: close\r\n’ +

Oh shoot your right, sorry about that. The /admin/auth/local endpoint doesn’t use identifier like the end-user /auth/local. For the admin login you need to send email and password.

Very strange, but I’d tried with paths /admin/auth/local and /auth/local, with the fields identifier or email. Without the admin prefix, the response returns “400”, but with the prefix, still return “405” =/

1 Like

I just noticed it today :man_facepalming: for the admin it’s /admin/login and end-users is /auth/local

(Admin still uses email + password instead of identifier + password)

Hmmm, I understood. When I’m using /auth/local returns 400:
“statusCode”: 400,
“error”: “Bad Request”,
“message”: [
“messages”: [
“id”: “Auth.form.error.invalid”,
“message”: “Identifier or password invalid.”
But the identifier and password are correct, very strange.

1 Like

I am facing same error method not Method Not Allowed
in http://localhost:1337/loca/auth

please help me how resolved this error

You dropped an L and have it backwards, it should be http://localhost:1337/auth/local
Roles & Permissions - Strapi Developer Documentation

Hi, I have a 405 error too when I try to execute an POST request initially did in the admin panel, in an other application.
The fetch request :

fetch("http://localhost:1337/collection-types/", {
  "headers": {
    "accept": "application/json, text/plain, */*",
    "accept-language": "fr-FR,fr;q=0.9,en;q=0.8",
    "authorization": "Bearer blablabalabalfjidsfj",
    "content-type": "application/json;charset=UTF-8",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-site"
  "referrer": "http://localhost:3333/",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{\"sellerLabel\":\"TEST\",\"price\":\"90\",\"description\":\"TEST\",\"expedition\":\"TEST\",\"carrier\":\"TEST\"}",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"

I do not undesrtand what is happening

I just tried Strapi v4, for authenticate user route should be /api/auth/local

let headersList = {
 "Accept": "*/*",
 "Content-Type": "application/json"

fetch("http://localhost:1337/api/auth/local", { 
  method: "POST",
  body: "{\n  \"identifier\": \"\",\n  \"password\": \"user123\"\n}",
  headers: headersList
}).then(function(response) {
  return response.text();
}).then(function(data) {

I realized the correct route on this setting user permission role
Bound route to auth.register


I also get the same problem. When I use Postman for testing the all the GET requests work and the POST request works aswell, but DELETE and PUT requests return Method Not Allowed. Eventough I enabled all the permissions in Strapi. Below you can see my request and the response in Postman. Maybe you have and idea, why that could be. Thanks in advance for your help!

1 Like

Hey Strapi forum,

I am getting a 405 Error when attempting a post attached is the snippit that is causing the error.

function Home() {

const API_URL = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:1337/api';

console.log(`URL: ${API_URL}`);

const [query, setQuery] = useState('');

const link = new HttpLink({ uri: `${API_URL}/graphql` });

const cache = new InMemoryCache();

const client = new ApolloClient({ link, cache });

return (

    <ApolloProvider client={client}>

        <div className='search'>

            <h2> Local Restaurants</h2>


                <InputGroupAddon addonType='append'> Search </InputGroupAddon>


                    onChange={(e) => setQuery(}






        <RestaurantList search={query} />

        <Cart> </Cart>




This was indeed the issue for me. Thanks, Azul!

I want to implement custom register method where user verifies his/her mobile no. using OTP.
When i’m trying to extend plugin::users-permissions.auth controller, I followed this steps in strapi v4 documentation,

When I’m making call to API /api/auth/local/ or /api/auth/local/register
I got error 405 Method not allowed.

Maybe you have any idea, why that could be. Thanks in advance for your help!

I got this too, Do you know how to fix it?

Here is the API route for the authentication /api/auth/local .
‘/auth/local’ is v3 type


What turned out to be the problem for me is a wrong fetch URL. You can check your URLs under Settings → Roles and one of the methods such as GET, UPDATE OR DELETE. Once you select it, it provides an example of request.

This error is directly related to the lack of permissions!
Solution for cases without authorization!! If you are at the stage of developing the functionality, updated the straps or deleted the cache and made a build, then you need to go to this menu and set it as shown in the photo. Also see all permissions for your role.

You just saved me thanks :slight_smile: