0

I'm working on a Strapi v5 server and have set up the following tables:

  1. Referrant – has many Agents.

  2. Agent – has many Referrants.

  3. ReferrantToAgent – a conjunction table to handle the many-to-many relationship with extra data on each connection.

I also used the users-permissions plugin to create two end-user roles: Referrant and Agent.

I'm trying to fetch Agents for a specific Referrant — the flow is that a Referrant user logs in and should get a list of their Agents.

The API call looks like this:

GET /api/referrant-to-agent?filters[referrant][documentId][$eq]=SOME_REFERRANT_ID&populate=agent

When the ReferrantToAgent API permissions are set to Public, the request works fine.

However, when I restrict the permissions to the Referrant role (and authenticate with a valid JWT token), the same request fails with:

{
  "error": {
    "status": 400,
    "name": "ValidationError",
    "message": "Invalid key referrant",
    "details": {
      "key": "referrant",
      "path": "referrant",
      "source": "query",
      "param": "filters"
    }
  }
}

Why does filtering by referrant work when public, but break when authenticated?

Any ideas how to fix this?

Improve this question

1 Answer 1

Reset to default
0

The issue happens because when a user is authenticated in Strapi, role-based permissions are enforced.

Specifically:

  • If the authenticated user's role does not have access to the referrant relation (even just for filtering), Strapi treats the field as non-existent.

  • As a result, any query trying to filter by referrant will fail with ValidationError - Invalid key referrant.

Solution:

  1. In Strapi Admin, go to:

    • SettingsUsers & Permissions pluginRoles → select the Referrantrole.

  2. Under the permissions for the referrant & referrant-to-agent collections:

    • Allow at least the read (find, findOne) operations.

  3. Save and try the request again.

You need to give the role access to both:

  • The referrant-to-agent API AND

  • The referrant API (because your query filters through a relation — Strapi internally fetches the referrant model too).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.