ForbiddenError: Access to this Ref requires an access token

I can't access my custom type data why, I did everything as stated in the Doc.

  • Create an API client

I created the config/ folder with prismicConfig.js

prismicConfig.js

// node-fetch is used to make network requests to the Prismic Rest API. 
// In Node.js Prismic projects, you must provide a fetch method to the
// Prismic client.
import fetch from 'node-fetch'
import * as prismic from '@prismicio/client'
import dotEnv from  'dotenv'

dotEnv.config()

const repoName = 'Floema' // Fill in your repository name.
const accessToken = process.env.PRISMIC_ACCESS_TOKEN // If your repository is private, add an access token.

// The `routes` property is your Route Resolver. It defines how you will 
// structure URLs in your project. Update the types to match the Custom 
// Types in your project, and edit the paths to match the routing in your 
// project.
const routes = [
  {
    type: 'about',
    path: '/about',
  },
]

export const client = prismic.createClient(repoName, { 
  fetch, 
  accessToken,
  routes,
})

And connected to the Prismic API in my app.js file

app.js file

import { fileURLToPath } from 'url'
import * as prismicH from '@prismicio/helpers'
import { client } from './config/prismicConfig.js'
import express from 'express'
import dotEnv from  'dotenv'
import path from 'path'

const __filename = fileURLToPath(import.meta.url);


dotEnv.config()

const app = express()
const port = 3000

const __dirname = path.dirname(__filename)

app.set('views', path.join(__dirname, 'views'))
app.set('view engine', 'pug')

app.use((req, res, next) => {
  res.locals.ctx = {
    prismicH,
  }
  next()
})

app.get('/', async (req, res) => {
  
  res.render('pages/home')
  console.log(`dirname is :${__dirname}`)
})

app.get('/about', async (req, res) => {
  
  // Here we are retrieving the first document from your API endpoint
  const document = await client.getFirst('about')
  console.log(document)
  res.render('pages/about', { document })
  
})

app.get('/detail/:id', async (req, res) => {
  res.render('pages/detail')
})

app.get('/collections', async (req, res) => {
  res.render('pages/collections')
})

app.listen(port, () => {
  console.log(`Example app listening on port ${port} and dirname is ${__dirname}`)
})

I set it up only for the about page

this is the error I get in the console

file:///Users/al/Documents/Projects/Floema/floema/node_modules/@prismicio/client/dist/index.js:561
[0] throw new ForbiddenError("error" in json ? json.error : json.message, url, json);
[0] ^
[0]
[0] ForbiddenError: Access to this Ref requires an access token
[0] at Client.fetch (file:///Users/al/Documents/Projects/Floema/floema/node_modules/@prismicio/client/dist/index.js:561:15)
[0] at processTicksAndRejections (node:internal/process/task_queues:96:5)
[0] at async Client.getFirst (file:///Users/al/Documents/Projects/Floema/floema/node_modules/@prismicio/client/dist/index.js:282:20)
[0] at async file:///Users/al/Documents/Projects/Floema/floema/app.js:37:20 {
[0] url: 'https://floema.cdn.prismic.io/api/v2/documents/search?0=a&1=b&2=o&3=u&4=t&ref=YNwauBEAACQAUL2O&routes=[{"type"%3A"about"%2C"path"%3A"%2Fabout"%2C"accessToken*********&access_token=*******,
[0] response: {
[0] type: 'api_security_error',
[0] message: 'Access to this Ref requires an access token',
[0] oauth_initiate: 'https://floema.prismic.io/auth',
[0] oauth_token: 'https://floema.prismic.io/auth/token'
[0] }
[0] }

I provided the access token int config file and it even returns it in the terminal. I'm very confused

Hello @alsalvadorg, I believe res.render is expecting a different parameter. Similar to how is done here:

For example, I'd write the route for /about like this, in this case the Custom Type is called about_post:

app.get('/about', async (req, res) => {
   const aboutpost = await client.getSingle('about_post');
    res.render('about', {
      aboutpost,
   });
})

Same exact mistake

response: {
[0]     type: 'api_security_error',
[0]     message: 'Access to this Ref requires an access token',
[0]     oauth_initiate: 'https://floema.prismic.io/auth',
[0]     oauth_token: 'https://floema.prismic.io/auth/token'
[0]   }
[0] }

How are you passing your private repo's access token?

Yes in the prismicConfig.js file. Just as the guide says. I don’t know if I should pass it elsewhere


// node-fetch is used to make network requests to the Prismic Rest API. 
// In Node.js Prismic projects, you must provide a fetch method to the
// Prismic client.
import fetch from 'node-fetch'
import * as prismic from '@prismicio/client'
import dotEnv from  'dotenv'

dotEnv.config()

const repoName = 'Floema' // Fill in your repository name.
const accessToken = process.env.PRISMIC_ACCESS_TOKEN // If your repository is private, add an access token.

// The `routes` property is your Route Resolver. It defines how you will 
// structure URLs in your project. Update the types to match the Custom 
// Types in your project, and edit the paths to match the routing in your 
// project.
const routes = [
  {
    type: 'about',
    path: '/about',
  },
]

export const client = prismic.createClient(repoName, { 
  fetch, 
  accessToken,
  routes,
})

We've opened a feature request to make this error message more descriptive. This happens because we invalidate a master ref after five publications. After that, the master ref becomes unreachable.

For example, if someone on your team publishes a document during a build, it will cause the ref to go out of date.

Can I know what is a ref. Will updating that ref fix my problem? how should I proceed ?.

Yes, the ref is a reference for the version of the content in the API of your repository. Here's the documentation about refs in Prismic:

You're probably storing or caching the ref somewhere in your app.