#API Key auth not working


normal current
#

Hi everyone! 👋

I’m new to Payload CMS and using API-Key auth to fetch my Jobs collection, but I get a permissions error.

Setup so far:
1. Created a user with an API key in the Admin UI.
2. Enabled useAPIKey: true on Users and Jobs.
3. Added a read rule on Jobs that checks Boolean(user) and logs req.user.
4. Set admin.user = Users.slug in payload.config.ts.

// collections/Jobs.ts
export const Jobs: CollectionConfig = {
  slug: 'jobs',
  auth: { useAPIKey: true },
  access: {
    read: ({ req: { user } }) => {
      console.log('req user:', user)
      return Boolean(user)
    },
  },
  // fields…
}

// collections/Users.ts
export const Users: CollectionConfig = {
  slug: 'users',
  auth: { useAPIKey: true },
  // fields…
}

Request:

curl -X GET http://localhost:3001/api/jobs \
  -H 'authorization: users API-Key 6c9c5ce9-414a-4c5c-b096-de75bd631d71'

Response:

{ "errors": [{ "message": "You are not allowed to perform this action." }] }

Log in hook:

req.user: Request { method: 'GET', url: '…/api/jobs', headers: { authorization: 'users API-Key …' }, … }

Expected:
• req.user populated with the API-Key user object
• Access granted, returning the jobs array

Already tried:
• Restarting server after each change
• Verifying the key is active in Admin
• Hitting /api/users/me with the same header (returns user)

Any ideas what I’m missing? Maybe my auth config, header format, or a Payload bug? Thanks! 🙏

sonic reef
#

auth: { useAPIKey: true }, should only be defined on the auth collection (users) and not on the collection you want to query (jobs). So remove it from there.

I don't see what else is wrong, everything else seems good to me. So maybe that just causes the issue, that you are defining job as an auth collection as well.

deep needle
#

Is this the canonical way to do it? It doesn't mention that in the docs. No wonder I could never get API keys to work...

sonic reef
#

@normal current Did you get it to work

@deep needle What is the issue you are having? API key authentication is working fine for me.

deep needle
#

@sonic reef it's really unclear from the docs that it 'should only be defined on the auth collection'. There are quite a few threads on here asking this question; I even asked one on GitHub a couple months ago and no one ever said that, even though I showed my code where I was adding it on the query collection.

sonic reef
#

Sorry to hear about your problems. Did you get it to work in the end?
If not you can send the link to GitHub where the code is and I can take a look.

normal current
#

Thanks a lot for the quick support. Somehow it's working now. Just removed auth: { useAPIKey: true } from jobs.

pulsar prism
#

Hi, it's a really big problem

#

Why?

civic quest
#

working POST /api/login user credentials, but without API KEY, yeah it’s not the best option, but I’m also new to the CMS and I haven’t been able to set up an API key yet. What I’m doing is loading the credentials from an ENV file, logging in, capturing the token, and then I have read and write access to the CMS API

#

If you find a solution, please share it here — I’d love to apply proper API key usage too.