Permession 403 forbidden with jwt and api token

System Information
  • Strapi Version: 4.7.1
  • Operating System: Windows 11
  • Database: MariaDB 10.4.21
  • Node Version: 16.17
  • NPM Version: 9.1.2
  • Yarn Version:


Can you please someone tell me why i keep getting error forbiden despite everything is set correctly

I’m using strapi latest version 4.7
Nextjs 12.4

Login works fine,
I can upload image with api token and jwt without any problem

But the other collection type only works with public

I have add the token to .env also to next.config
Checked salt and secret not the same
Tested api token with full access and custom didn’t work returns 403
Tested role permession with every combination also return 403

The only thing i did out of the ordinary is copying content-type from old version of strapi to a new version and rebuild the admin, It works with public permession without problem

Screenshot 2023-03-07 084319
Screenshot 2023-03-07 084452

Screenshot 2023-03-07 084606

I think uploads is public so you will need to deselect it from there.
Try send a public request no token to get the image.

Actually the problem it was with axios header
i add the token in the first brack and that lead to strapi not receving the token at all.

thank you

1 Like