⚠️ This lesson is retired and might contain outdated information.

Configuring API End User Permissions in Strapi

Instructor: Daniel Phiri
Published 2 years ago
Updated 11 months ago

With our mock data set up, let's make some API calls to our Strapi project. We will need to set up our permissions so that only the people we want can make requests.

To make my API calls, I use the Thunder Client in VS Code. We can currently make calls to our API without any authentication.

In our Strapi project, we can create API Tokens to make REST API calls for our data.

Instructor: [0:00] We want to make requests to our Strapi API to get the post entries that we just put into Strapi. To do that, we'll go to our settings. We'll click roles under the users and permissions plugin, and select the public role.

[0:17] We select our post collection type and give ourselves access to findOne operations, which make GET requests to our API, and find operations, and then we'll save.

[0:31] We'll open VS Code and click our Thunder Client extension. Click new request. We'll get rid of that, and now, we'll make a GET request to http://localhost:1337/api/posts.

[0:55] We get exactly what you need, our entries that we put into the Strapi content manager. We'll go back to our Strapi application and update our settings. We'll revoke our access to find and findOne, and save.

[1:15] When we try and make a new query in Thunder Client, we get a 403 Forbidden error because we revoked access to the API. In our Strapi admin, we also have the ability to use API tokens.

[1:32] We'll create a new API token and call this, "Get posts data," and make this full access. We'll save our data and copy our token. We'll go back into our Thunder Client to make an authenticated request with our new token.

[1:53] We'll go to auth and select Bearer and paste in our Bearer token. When we make our request, we get back the data that we want. That is how you set up permissions to make queries to your Strapi API.
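
The two outcomes in this walkthrough (403 Forbidden for an anonymous request once find and findOne are revoked from the public role, data returned when the Bearer token is sent) can be checked with a small script. This is an added example, not code from the lesson or from Strapi; `checkPostsAccess`, `makeStubFetch` and the sample token are hypothetical names, and the stub stands in for a running Strapi server so the check runs offline.

```javascript
// Added example (not from the lesson). The URL is the one requested in the lesson.
const POSTS_URL = "http://localhost:1337/api/posts";

// Call the endpoint anonymously and with a Bearer token, then compare the
// status codes with what the lesson shows after find/findOne are revoked
// from the public role: 403 without a token, data (200) with one.
async function checkPostsAccess(url, token, fetchImpl = globalThis.fetch) {
  const anonymous = await fetchImpl(url, { method: "GET" });
  const withToken = await fetchImpl(url, {
    method: "GET",
    headers: { Authorization: `Bearer ${token}` },
  });
  const findings = [];
  if (anonymous.status !== 403) {
    findings.push(`anonymous GET returned ${anonymous.status}, expected 403`);
  }
  if (withToken.status !== 200) {
    findings.push(`token GET returned ${withToken.status}, expected 200`);
  }
  return {
    anonymousStatus: anonymous.status,
    tokenStatus: withToken.status,
    findings,
  };
}

// Constructed stand-in for the Strapi server (hypothetical helper). It models
// only the two cases from the lesson: public find enabled or revoked, and a
// request carrying the expected Bearer token.
function makeStubFetch(validToken, publicFindEnabled) {
  return async (_url, options = {}) => {
    const auth = (options.headers || {}).Authorization || "";
    const allowed = publicFindEnabled || auth === `Bearer ${validToken}`;
    return { status: allowed ? 200 : 403 };
  };
}

// Constructed sample token; a real one is copied from the Strapi admin.
const SAMPLE_TOKEN = "constructed-sample-token";

checkPostsAccess(POSTS_URL, SAMPLE_TOKEN, makeStubFetch(SAMPLE_TOKEN, false))
  .then((result) => console.log(result));
```

Against a real project, omit the third argument so the built-in `fetch` of Node 18 or later is used, and pass the token copied from the admin panel. A non-empty `findings` array means the public role or the token does not behave as configured in the lesson.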
