Permession 403 forbidden with jwt and api token

Hi

Can you please someone tell me why i keep getting error forbiden despite everything is set correctly

I’m using strapi latest version 4.7
Nextjs 12.4
Turbo.js
Nextauth

Login works fine,
I can upload image with api token and jwt without any problem

But the other collection type only works with public

I have add the token to .env also to next.config
Checked salt and secret not the same
Tested api token with full access and custom didn’t work returns 403
Tested role permession with every combination also return 403

The only thing i did out of the ordinary is copying content-type from old version of strapi to a new version and rebuild the admin, It works with public permession without problem

Content Manager1373×492 46.8 KB

Settings — Roles (1)826×497 27.3 KB

Settings — Roles792×781 44.6 KB

Screenshot 2023-03-07 0845221241×209 38.9 KB

Screenshot 2023-03-07 084857748×186 18.6 KB

Screenshot 2023-03-07 0849281567×180 21 KB

Screenshot 2023-03-07 0849461529×295 30.3 KB

Screenshot 2023-03-07 0850051092×192 19.5 KB

Screenshot 2023-03-07 0858021910×329 97.9 KB

Screenshot 2023-03-07 0858311896×273 50.5 KB

I think uploads is public so you will need to deselect it from there.
Try send a public request no token to get the image.

Actually the problem it was with axios header
i add the token in the first brack and that lead to strapi not receving the token at all.

thank you