I recently set up a fresh install of Strapi to test out and for the life of me I can’t seem to get GraphQL to work. I keep getting “Forbidden access” anytime I try to query my blog collection.
I’ve seen a few people mention user permissions, but nothing in the admin seems straightforward for that.
Go to Settings > Roles (the one under USERS & PERMISSIONS PLUGIN). Edit the “Public” role by clicking on the pencil icon and then check the permissions for operations you want to perform in the GraphQL playground.
This is wrong way. You are open your data for unauthenticated users.
Same section enter in Authenticated then give permission content type tables for authenticated users.