In order to make any request to the Content Management API (CMA), you need to first obtain an API token. Enter your project administrative area (ie. and go to the Project Settings > API Tokens section:

    Every project comes with two API tokens by default: one is read-only, and the other gives full read-write permissions to the project. Depending on your use case and the API requests you need to perform, you might want to use one or the other. You can also create a custom API token with a specific set of permissions of your choice.

    Once you have the API Token, you need to pass it as an Authorization header in each HTTP request you perform:

    curl \
    -H 'Authorization: Bearer <YOUR-API-TOKEN>' \
    -H 'Accept: application/json' \
    -H 'X-Api-Version: 3' \

    If you're using our Javascript client, you can pass the same API token as an option to the buildClient initialization function:

    import { buildClient } from '@datocms/cma-client-node';
    const client = buildClient({
    apiToken: '<YOUR_TOKEN>',