Strapi api giving 500 error

Hi guys. I’ve recently deployed a Strapi backend to AWS. Everything seems to work except when I try to access my api, i.e. http://{MY-SERVER-URL}/api/users from my browser I get a 500 error message and my server logs say this:

error: Forbidden access
ForbiddenError: Forbidden access
at Object.verify (/var/task/node_modules/@strapi/plugin-users-permissions/server/strategies/users-permissions.js:94:11)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async /var/task/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:31:5
at async serve (/var/task/node_modules/koa-static/index.js:59:5)
at async returnBodyMiddleware (/var/task/node_modules/@strapi/strapi/lib/services/server/compose-endpoint.js:52:18)
at async policiesMiddleware (/var/task/node_modules/@strapi/strapi/lib/services/server/policy.js:24:5)
at async /var/task/node_modules/@strapi/strapi/lib/middlewares/body.js:58:9
at async /var/task/node_modules/@strapi/strapi/lib/middlewares/logger.js:25:5
at async /var/task/node_modules/@strapi/strapi/lib/middlewares/powered-by.js:16:5
at async cors (/var/task/node_modules/@koa/cors/index.js:61:32)

Any ideas as to what I need to do or configure? I only have one user which is me aka Super Admin.

hi gkurl,

Ever fix this? facing the same issue now.

I actually just figured it out, seems like a bug.
When using JWT to set a token and use that as checking if a user is logged in etc, GET request work fine but when using a POST request to the server it fails.
I had to allow the ‘Public’ User rules to allow create in the strapi panel.
So it seems that the program doesnt recognise that its an authenticated user on POSt. Even though when I post it is associated with the user.

Weird.