Forbidden access - Roles Permissions are all selected

Discord Q&A strapi-questions
1

I received an abandoned Strapi API project. The other GraphQl requests are working, except for my newly created one.

@strapi/plugin-graphql”: “4.4.5”,

:white_check_mark: Collection Type is called “Crystal”
:white_check_mark: Roles Permission for both Authenticated and Public (for testing)
:white_check_mark: Has existing entries for “Crystal”
:white_check_mark: Tried fetching data from old API

Request body:

query GetAllCrystals {
  crystals {
    data {
      attributes {
        name
      }
    }
  }
}

Response (Status: 200):

{
    "errors": [
        {
            "message": "Forbidden access",
            "extensions": {
                "error": {
                    "name": "ForbiddenError",
                    "message": "Forbidden access",
                    "details": {}
                },
                "code": "FORBIDDEN"
            }
        }
    ],
    "data": {
        "crystals": null
    }
}

This topic has been created from a Discord post (1292758148041674772) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

2

Additional info. I found out that when I remove the same Authorization that is working for other collection type, it works for my newly created collection type.

3

Marking this as fixed.
I just needed to include the permission in the API Tokens, not in the Roles.