GraphQL Forbidden Access

I recently set up a fresh install of Strapi to test out and for the life of me I can’t seem to get GraphQL to work. I keep getting “Forbidden access” anytime I try to query my blog collection.

I’ve seen a few people mention user permissions, but nothing in the admin seems straightforward for that.

Welcome to the Strapi Community @ernstoarllano

Have you given permissions in
Admin > Settings

You need to give endpoints or the user access to the blogs else you can’t access it I’m guessing.

1 Like

Go to Settings > Roles (the one under USERS & PERMISSIONS PLUGIN). Edit the “Public” role by clicking on the pencil icon and then check the permissions for operations you want to perform in the GraphQL playground.

1 Like

This is wrong way. You are open your data for unauthenticated users.
Same section enter in Authenticated then give permission content type tables for authenticated users.

You need to get your token from Settings > API Token section. Then use it from http headers as:

{ "Authorization": "Bearer <token>" }