Tutorial - How to Create a Content-type, and Configure User Permissions for REST APIs

May 01, 2021


In this post, we will see how we can create a content type. And, configure user permissions.

This post assumes you have installed strapi. See How to install Strapi backend


  • We will create an Article type with following fields,
    • Title
    • Body with rich text
  • Only authenticated user will be able to create an article
  • Anybody can view the published article
  • Enable REST APIs for creating/reading/updating/deleting an article.

Create an Article Content type

Open http://localhost:1337/admin/plugins/content-type-builder/content-types/

Click on Create New Collection Type, and give it a name: article

Create two fields:

  1. title, type: Text
  2. body, type: Rich Text


Strapi Server

Create New Article

Lets try to create a new article.

  • Refresh your strapi admin panel
  • Click on: “Collection Types” -> Articles
  • On top right corner, click on “Add new Article”
  • Write title and body.
  • Click Save. Do not forgot to click on Publish button.

Setting up Permissions for REST API

As I mentioned above, our two objectives here:

  1. Anyone should be able to see articles
  2. Only authenticated users will be able to create one

Configuring Anonymous(Public) user permissions:

  • Click on Settings
  • Click on Roles (Under Users & Permissions plugin)
  • Click on Public, wait for 2-3 seconds. It takes time to load settings
  • Click checkbox for count, findone find
  • Click save

Public Permissions

Configuring Authenticated user permissions:

  • Similarly click on “Authenticated” Role
  • Click checkbox for count, create, delete, find, findone, update
  • Click save

Authenticated Permissions

Try on Postman

GET All Articles

Do a GET request for all articles:

GET /articles

Get all Articles

GET single article by id

GET /articles/{id}

Get single Article

Create Article

Now, if you try to create by anonymous user, you will get http error: 401

Because we have configured to create article only by authenticated users.

We will see this in next post, how we can create an article by REST API and an authenticated user.

Note: So far, we have only configured that only authenticated users can create/edit/delete the article. But, we do not want any authenticated user to update or delete any other article.

Lets see next post for configuring this.

Similar Posts

Latest Posts