Client using current ACL is able to list services but cannot inspect them

Hi all

I have registered the following service in my Consul cluster:

  "Name": "AlarmManager",
  "Tags": ["alarmmanager"],
  "Address": "IP",
  "Port": PORT,
  "check": {
    "name": "Check Alarm Manager",
    "http": "http://IP:PORT",
    "method": "GET",
    "interval": "60s",
    "timeout": "5s"
  "Weights": {
    "Passing": 10,
    "Warning": 1

Using consul API:

curl     --header "X-Consul-Token: ${CONSUL_HTTP_TOKEN}"  --request PUT  --data @alarmmanager.json

After setting the following ACL:

service "AlarmManager" { 
  policy = "read"

After creating a token with only that policy attached, an API call using that token is able to list this service:

curl     --header "X-Consul-Token: TOKEN"

But there is no info when calling directly to service:

curl     --header "X-Consul-Token: TOKEN"

Service Check is passing green and performing the same call with Consul Master Token retrieves Service info.

Could you please tell me what I am doing wrong?

Thank you,

There’s a typo in your URL:

It was a mistake when I copied the command:

curl     --header "X-Consul-Token: Token"

It seems to be working with the following policy

node_prefix "" {
  policy = "read"

service "AlarmManager" {
  policy = "read"

Is ths ok or this policy is too open for reading only a service?