DatoCMS CLI

Authenticate with an API token

Use an API token to authenticate the CLI when OAuth isn't an option, typically in CI/CD pipelines where there is no browser. The CLI resolves authentication in this order:

  1. --api-token flag on the command

  2. linked project via OAuth (when datocms.config.json is present and you are logged in)

  3. environment variable (DATOCMS_API_TOKEN for the default profile).

The API token must have access to the Content Management API (can_access_cma: true). The exact set of role permissions you need depends on what you do with the CLI: schema migrations need permissions on models/fields, environment commands need environment management, maintenance mode needs the maintenance toggle, and so on.

You can pass the token as a parameter to every command:

Terminal window
$ npx datocms migrations:run --api-token=<YOUR-API-TOKEN> [...]

Or expose it as an environment variable:

Terminal window
$ export DATOCMS_API_TOKEN=<YOUR-API-TOKEN>
$ npx datocms migrations:run [...]

The CLI also loads environment variables from a .env or .env.local file, so you can place the token there. Make sure not to commit the file to your repo:

Terminal window
$ echo '.env' >> .gitignore
$ echo 'DATOCMS_API_TOKEN=<YOUR-API-TOKEN>' >> .env

Last updated:

Did this doc help you?
Yes
No
Would you like to add more information?
Optional
To receive further updates or address your feedback, kindly share your email address with us.
Optional

If you need a reply, please contact support instead.

Need help?
Explore our forum, contact support, or connect with our sales team . You can also chat live with other users in our Slack channel.