Bug accessing content via REST API

Hi Prismic,

We're switching over our content workflow to Prismic, which is a great improvement to our website overall. We're completely ready to swap over our content to your platform, but seem to run into a bug. A bit more info about what we do:

  • Get content of articles via REST API, then process and display it on our website
  • Create new articles that get a custom UID, which is used to get a specific article through the API

Everything is set up and working well, using a testing article we created. However, we're now trying to publish more articles, but they cannot be reached via the API. We can always only access the first article that was created, the other articles we get the following error. What's going on here? Keep in mind, the code for the first article and the rest on the website is exactly the same, something is Prismic itself is going wrong.

{"type":"api_security_error","message":"Access to this Ref requires an access token","oauth_initiate":"https://your-repo.prismic.io/auth","oauth_token":"https://your-repo.prismic.io/auth/token"}

Hi @duurzaamheidsvergeli,

Thanks for posting this issue :slight_smile:

In the error message, the URL is https://your-repo.prismic.io. Just for confirm, did you replace your repo name with your-repo?


Yes, the real url I used is the correct one.

I also tested it with the first article I created, and it works fine. Gives me the correct content as a json response in both the browser as when executing the API query. However, using other article UID's within the same repo, I get that error message for some reason...

Hi @duurzaamheidsvergeli,

It looks like, somewhere in your code, you need to update your-repo to your actual repo name. Some of the project templates and code snippet examples include your-repo, but if you try to query it, you'll get this error because you don't have access to the actual repository called your-repo. Let me know if that helps, or if you're still getting an error.


Hi Sam,

Thanks for the suggestion, but I can assure you that's not the reason of why it's not working. Our code is made in such way that when the request is made for a different article, the rest of the url stays the same.

But I even experience the error in the browser. I did two API calls in the chrome browser, giving the following results:

  1. First request, entering the URL: https://my-real-repo.cdn.prismic.io/api/v2/documents/search?ref=REF_ID&access_token=TOKEN&q=[[at(my.template.uid,"article-one")]]
    This gives me the full article json in the browser, being exactly what I need.

  2. In the second request, I only change the article uid in the same URL: https://my-real-repo.cdn.prismic.io/api/v2/documents/search?ref=REF_ID&access_token=TOKEN&q=[[at(my.template.uid,"article-two")]]
    Now I get that weird error code being: {"type":"api_security_error","message":"Access to this Ref requires an access token","oauth_initiate":"https://my-real-repo.prismic.io/auth","oauth_token":"https://my-real-repo.prismic.io/auth/token"}

This is clearly not a bug in our application, because the same thing happens just using a regular browser.

I would appreciate it if someone could take a look at this. We want to transition to Prismic soon and right now that's not possible due to this error.

Hi @duurzaamheidsvergeli,

Thanks for this additional information! I'll take a look at this on Monday and get back to you :slight_smile:


Hi @duurzaamheidsvergeli,

Could you send me your repo name and access token in a private message so that I can take a look?

In the meantime, here are a couple more questions for troubleshooting:

  • Is article-two a draft or a published article? This error could be caused if it's a draft.
  • Are you using a recent ref? The ref should be refreshed on each query; an old one could also cause an error like this.


Hi Sam,

Your second bullet point has helped me. I missed in the documentation that the ref changes everytime content is published, so I was using an old ref. I now also understand why I got a result for the first article, but not for those later added. By using the older ref, you query an older version of the repo that doesn't contain the newer articles yet. Thanks a lot for helping me out with that.

In the developer documentation I cannot find best practices to handle this. Due do needing to refresh the ref value, the process of getting content from Prismic to show on our website basically looks like:

Due to having to do 2 queries to the Prismic CDN, the TTFB has increased tremendously. Performing 2 queries is not ideal. How do you advise to keep the TTFB low, while not having the problem of querying old repo refs?

Hi @duurzaamheidsvergeli,

While it seems counter-intuitive, two queries are actually faster than one.

The first query gets the ref for the most recent content version, which is never cached.

The second query gets the content. If the ref has been queried before, then the content comes from a cache. If the ref is new, the API gets content fresh from the Prismic database. The uncached query to the database will always, necessarily be significantly slower, and most queries can safely use cached content. So, the first query significantly shortcuts the second query, making the time to receive content all-around much faster.

In your initial comment, you were skipping the first query, which, unfortunately, isn't functional. In theory, you would only ever query a cache that way, and wouldn't be able to refresh your content.

Having said all of that, the Prismic API response times are very fast, and our development kits optimize the two-request process.

Now, if you really want to eliminate the first query, it's theoretically possible but highly discouraged. You would programmatically store your most recent ref. You could do this with a webhook, so that when content changes you update the ref in your app. This process would achieve what you're describing, but it's not officially supported by Prismic.

I hope that answers your question :slight_smile: But let me know if anything was unclear.


I set up the Prismic integration initially with the SDK, but due to the server requests the TTFB was too high for our requirements. I now understand why, because with my custom and fully working REST API integration I get the same TTFB times.

That means the only viable option left for us would be to use a webhook to call a script on our server everytime content is published. Why is this not officially supported by Prismic? Is there any risk when we write our own scripts to achieve this functionality? It's actually not far from the code we've currently made to integrate via the REST API way.

Why is this not officially supported by Prismic?

I don't have an official rationale for this, but I can speculate. The two-query API cycle is efficient, failsafe, and easy to recreate across different implementations.

The risk with caching the ref yourself is that you'll need a more complex system, which could fail. If you end up with the wrong ref in your cache, you could query a stale cache or an evicted cache. If you're using server-side generation and due to an error you end up with an old ref that points to an evicted cache, then your whole website could potentially crash.

If you're using JavaScript, our @prismicio/client kit includes a method for specifying the ref you're querying from. More info on how to do that, here:

Let me know if I've left anything unanswered.