cURL: Operations not allowed

Hey folks, I’m trying to reach Dgraph’s cloud GraphQL endpoint via cURL, but to no avail.
Here’s the request:

$ curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer ..." -d '{"query":"query MyQuery {\n getUser(id: \"0x1a5048b0ae\") {\n name\n id }\n }"}'


HTTP/2 200
date: Thu, 05 Oct 2023 23:37:47 GMT
content-type: application/json
content-length: 74
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Accept-Encoding, Content-Length, X-Auth-Token, sentry-trace, DG-Auth, sentry-trace, DG-Auth
access-control-allow-methods: *
access-control-allow-origin: *
server: Caddy

{"data":null,"errors":[{"message":"Operations not allowed -- [getUser]"}]}%

This is exact query that I’ve copied over from cloud web UI, it’s working there. There’s a topic with similar title concerning multiple queries and using different access method, but this one is very simple cURL 1-query request, which for some reason does not pass.

Hey @ualinker,

This error message is coming from the Dgraph cloud controller. Can I ask what you have your Anon Access set to?

That setting is found in the Schema → Access tab on your cloud dashboard.

Hello Matthew, thank you for your help!

My anonymous access was turned off.
When I turned it on an adjusted rights - I was able to perform the query.
But I don’t need anonymous access to be on, since I am using API token authorization. I realised that the issue was with the header: GraphQL endpoint expects token to be within X-Auth-Token header, not Authorization.

1 Like