How to allow v4 admin users to visit /api/*?

System Information
  • Strapi Version: 4.x
  • Operating System: Windows
  • Database: postgresql
  • Node Version: 16
  • NPM Version: *
  • Yarn Version: *

Hi,

I’m trying to fetch results from /api/* using admin’s authroization token. However no matter how I try, it’s rejected by the api. I wonder is there any way to allow admin users to call the built-in content api?

Did you attached as Bearer token?

Yes, I attached it, it’s the same from what I can see from admin backend’s requests.
From what I can understand is that there are two types of users, first admin users, second user permission users. By default, /api is using user permission users to authenticate all the request.
However what I want to know is that, if I only have admin user’s jwt token, how can I visit /api/ calls?

Let’s say, if I have an admin’s Bearer token, I can visit http://127.0.0.1:1337/content-manager/collection-types/plugin::users-permissions.user. However I don’t know how to allow admin user to visit http://127.0.0.1:1337/api/users

API authorisation and users are separate from the admin panel users, there is an explanation… https://strapi.io/blog/why-we-split-the-management-of-the-admin-users-and-end-users

And some more discussion: Strapi Permissions - Admin vs Site Users - How to assign ownership of items?

1 Like

Thanks! It’s only that with admin’s user, I can’t find a way to query content, with ‘populate’ parameter like what I can do in user’s API. Is there any workaround?

Not sure, sorry. I think the admin endpoints are designed to work with the admin UI specifically.

1 Like

If you want to have access to the admin API, then you would require to create a plugin(admin’s extension).

actually as an admin user, we are unable to access strapi’s custom/default api for content-types.
lets say, we created a content type in strapi (not in any plugin), (eg todo)
we can not access default CRUD apis with admin user’s JWT token. (http://localhost:1337/api/todos)