Tutorial - How to Create a Content-type, and Configure User Permissions for REST APIs

Introduction

In this post, we will see how we can create a content type. And, configure user permissions.

This post assumes you have installed strapi. See How to install Strapi backend

Objective

We will create an Article type with following fields,
- Title
- Body with rich text
Only authenticated user will be able to create an article
Anybody can view the published article
Enable REST APIs for creating/reading/updating/deleting an article.

Create an Article Content type

Open http://localhost:1337/admin/plugins/content-type-builder/content-types/

Click on Create New Collection Type, and give it a name: article

Create two fields:

title, type: Text
body, type: Rich Text

Save

Strapi Server

Create New Article

Lets try to create a new article.

Refresh your strapi admin panel
Click on: “Collection Types” -> Articles
On top right corner, click on “Add new Article”
Write title and body.
Click Save. Do not forgot to click on Publish button.

Setting up Permissions for REST API

As I mentioned above, our two objectives here:

Anyone should be able to see articles
Only authenticated users will be able to create one

Configuring Anonymous(Public) user permissions:

Click on Settings
Click on Roles (Under Users & Permissions plugin)
Click on Public, wait for 2-3 seconds. It takes time to load settings
Click checkbox for count, findone find
Click save

Public Permissions

Configuring Authenticated user permissions:

Similarly click on “Authenticated” Role
Click checkbox for count, create, delete, find, findone, update
Click save

Authenticated Permissions

Try on Postman

GET All Articles

Do a GET request for all articles:

GET /articles

Get all Articles

GET single article by id

GET /articles/{id}

Get single Article

Create Article

Now, if you try to create by anonymous user, you will get http error: 401

Because we have configured to create article only by authenticated users.

We will see this in next post, how we can create an article by REST API and an authenticated user.

Note: So far, we have only configured that only authenticated users can create/edit/delete the article. But, we do not want any authenticated user to update or delete any other article.

Lets see next post for configuring this.

Tutorial - How to Create a Content-type, and Configure User Permissions for REST APIs

Introduction

Objective

Create an Article Content type

Create New Article

Setting up Permissions for REST API

Configuring Anonymous(Public) user permissions:

Configuring Authenticated user permissions:

Try on Postman

GET All Articles

GET single article by id

Create Article

Related Posts

Strapi Tutorial - How to Configure Slug to have Nice URLs for SEO

How to Create Article by REST API and Configure only Author can Edit/Update/Delete articles

Tutorial - How to Setup Strapi Backend with Mongodb

How to use Draft.js WYSWYG with Next.js and Strapi Backend, Edit/Update Saved Article

How to use Draft.js WYSWYG with Next.js and Strapi Backend, Create and View Article with Image Upload

How to Integrate Next.js with Strapi Backend and Create a common utility class for REST APIs

Latest Posts

Claude Code Skills — Build a Better Engineering Workflow with AI-Powered Code Reviews, Security Scans, and More

Building an AI Voicebot for Visitor Check-In — A Practical Guide to Handling the Messy Parts

Server Security Best Practices — Complete Hardening Guide for Production Systems

Staff Engineer Study Plan for MAANG Interviews — The Complete 12-Week Roadmap

XSS and CSRF Explained — The Complete Guide with Real Attack Examples and Defenses

OWASP Top 10 (2021) — Every Vulnerability Explained with Code