Invalid Credentials for authenticated users via API usage

System Information
  • Strapi Version: 3.6.x
  • Operating System: Linux/MacOS
  • Database: Postrgresql
  • Node Version: 14.5.x
  • NPM Version: 6.14.x
  • Yarn Version: 1.22.x

Hi all,

I am having issues trying to retrieve content from my Strapi CMS via the the api.

Initially it all seemed to work fine but anyone other than the initials user (generating the ID of ‘1’) cannot access the API and gets a response of:

{“statusCode”:403,“error”:“Forbidden”,“message”:“Invalid credentials”}

I am passing in the JWT token retrieved from the successful login:

Authorization: Bearer XXXXXXX

I have set up my user-permissions to allow access to the role of ‘authenticated’ and the users have the role of ‘authenticated’.

I really appreciate any help regarding this.

It’s because you aren’t creating users from the good place, you need to go to Parameters/AdminPanel/Users and not just add an entry to the Users collections.

Hope it works for you !

Thank you for the the quick reply - I am looking to create users for the front end of the application and not Strapi Admin users? This is using the “registration” and “login” functions from the docs.

If you accidentally set the same JWT secrets for both admin and user, this a good reference to fix it: JWT authentication - HTTP 403 - Invalid credentials - `strapi develop` · Issue #14 · strapi/documentation · GitHub

1 Like

This sounds absolutely spot on, I’ll give it a try and report back - thanks a million for responding!

Thank you so much for helping resolve this issue; massive kudos to you :bowing_man: