401 Unauthorized

So I'm using appwrite for the first time and am trying to insert something to my db, however, I keep getting this error in the console: AppwriteException: The current user is not authorized to perform the requested action.at Client.<anonymous>

I'm inserting the data without any user auth on the website - do I have to make an auth system? Or is there just something wrong with my api keys?

Also here's my code (I'm using SvelteKit):

TypeScript

<script>
  import { Client, Databases, ID } from "appwrite";
  import { client } from "$lib/appwrite";
  import {
    PUBLIC_APPWRITE_DB,
    PUBLIC_APPWRITE_COLLECTION,
  } from "$env/static/public";
  let val= "";

  const databases = new Databases(client);
  function submit() {
    const promise = databases.createDocument(
      PUBLIC_APPWRITE_DB,
      PUBLIC_APPWRITE_COLLECTION,
      ID.unique(),
      { url: "test data", hash: "test data" },
    );

    promise.then(
      function (response) {
        console.log(response);
      },
      function (error) {
        console.log(error);
      },
    );
  }
</script>
    <form
      on:submit={(e) => {
        e.preventDefault();
        submit();
      }}
    >
        <input
          bind:value={val}
          type="text"
        />
        <button type="submit">submit</button>
    </form>

TL;DR

Developers are getting a 401 Unauthorized error when trying to insert data into the database without user authentication. The solution is to create a session using the Account API before using the Databases APIs. This error occurs because the current user is not authorized to perform the action. Logging the user in before database access is necessary.

Did you create a session using Account API before using the Databases APIs?

I think I did

Umm no, I dont see any login. See - https://appwrite.io/docs/products/auth/email-password

TypeScript

export const account = new Account(client);

So I have to log the user in before they can use the db?

If the Databases permissions are set to Users.

But how can I set the db permission so anybody can access it?

Your Database > Your Collection > Settings > Permissions > Manage the Permissions.

However, granting read/write/update permissions to Any, Guest, All Users isn't a good security practice. What are you trying to do?

Well thanks for that, this is just kind of a test project, so just a few ppl will look at it and have the access to the db therefor, you don't have to be worried about spam/bots

In that case, you could still do this - Permissions > All Users > Select permissions.

Ofc. this would require the users to register & login. For registration, you can manually add the users via Auth dashboard & mark them as Verified.

And if I'd do guest, anyone would have access to it without auth?

There a few gotchas here, for better info. see this doc - https://appwrite.io/docs/advanced/platform/permissions#permission-roles

alright, thanks

Reply to this thread by joining our Discord

Reply on Discord