Hi,
I’m trying to fetch results from /api/* using admin’s authroization token. However no matter how I try, it’s rejected by the api. I wonder is there any way to allow admin users to call the built-in content api?
Did you attached as Bearer token?
Yes, I attached it, it’s the same from what I can see from admin backend’s requests.
From what I can understand is that there are two types of users, first admin users, second user permission users. By default, /api is using user permission users to authenticate all the request.
However what I want to know is that, if I only have admin user’s jwt token, how can I visit /api/ calls?
Let’s say, if I have an admin’s Bearer token, I can visit http://127.0.0.1:1337/content-manager/collection-types/plugin::users-permissions.user. However I don’t know how to allow admin user to visit http://127.0.0.1:1337/api/users
API authorisation and users are separate from the admin panel users, there is an explanation… https://strapi.io/blog/why-we-split-the-management-of-the-admin-users-and-end-users
And some more discussion: Strapi Permissions - Admin vs Site Users - How to assign ownership of items?
Thanks! It’s only that with admin’s user, I can’t find a way to query content, with ‘populate’ parameter like what I can do in user’s API. Is there any workaround?
Not sure, sorry. I think the admin endpoints are designed to work with the admin UI specifically.
If you want to have access to the admin API, then you would require to create a plugin(admin’s extension).