
Delete an API token

Deletes an API token. The secret is invalidated immediately and any client still using it will receive 401 Unauthorized on its next request.

API tokens are first-class users in DatoCMS — they can own records, uploads, filters, and editing sessions. When the token to delete owns any such resources, the request must specify a destination owner via the destination_user_type (user, sso_user, access_token, or account) and destination_user_id query parameters; ownership is transferred to that user before the token is removed. If the token owns nothing, the parameters can be omitted.

A token cannot delete itself — this endpoint rejects requests authenticated with the very token being destroyed (CANNOT_DESTROY_CURRENT_USER). Use a different credential to revoke it.

Query parameters

destination_user_type enum

New owner for resources previously owned by the deleted access token. This argument specifies the new owner type. Use account or organization to reassign to the project's owner — client.site.find().owner returns the right type/id pair to pass.

Example: "account"

Allowed values: account, organization, user, access_token, sso_user

destination_user_id string

New owner for resources previously owned by the deleted access token. This argument specifies the new owner ID.

Example: "7865"

Returns

Returns a resource object of type access_token.

Examples

DELETE https://site-api.datocms.com/access_tokens/:access_token_id HTTP/1.1
Authorization: Bearer YOUR-API-TOKEN
Accept: application/json
X-Api-Version: 3

curl -g 'https://site-api.datocms.com/access_tokens/:access_token_id' \
  -X DELETE \
  -H "Authorization: Bearer YOUR-API-TOKEN" \
  -H "Accept: application/json" \
  -H "X-Api-Version: 3"

await fetch("https://site-api.datocms.com/access_tokens/:access_token_id", {
  method: "DELETE",
  headers: {
    Authorization: "Bearer YOUR-API-TOKEN",
    Accept: "application/json",
    "X-Api-Version": "3",
  },
});

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=0, private, must-revalidate
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 28

{
  "data": {
    "type": "access_token",
    "id": "312",
    "attributes": {
      "name": "Read-only API token",
      "hardcoded_type": "",
      "can_access_cda": true,
      "can_access_cda_preview": true,
      "can_access_cma": true,
      "last_cma_access": "never",
      "last_cda_access": "never"
    },
    "relationships": {
      "role": {
        "data": {
          "type": "role",
          "id": "34"
        }
      }
    }
  }
}
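
The revocation flow described above (separate credential, ownership transfer, then a check that the retired secret is refused), as an added example that is not part of the DatoCMS documentation or client. The helper names, the ID pattern and the GET /site probe are assumptions of this example.

```javascript
// Added example: not DatoCMS code. Token strings and IDs are supplied by the caller.
const API_BASE = "https://site-api.datocms.com";
// Values this page lists for destination_user_type.
const OWNER_TYPES = ["account", "organization", "user", "access_token", "sso_user"];
// Assumption: IDs are plain URL-safe strings; anything else is refused so it
// cannot alter the request path or query.
const SAFE_ID = /^[A-Za-z0-9_-]+$/;

// Build the DELETE request. `newOwner` ({ type, id }) may be omitted only when
// the token owns no records, uploads, filters or editing sessions.
function buildRevocation(tokenId, adminToken, newOwner) {
  if (!SAFE_ID.test(String(tokenId))) throw new Error("unsafe token id");
  const url = new URL(`/access_tokens/${tokenId}`, API_BASE);
  if (newOwner) {
    if (!OWNER_TYPES.includes(newOwner.type)) {
      throw new Error(`invalid destination_user_type: ${newOwner.type}`);
    }
    if (!SAFE_ID.test(String(newOwner.id))) throw new Error("unsafe destination_user_id");
    url.searchParams.set("destination_user_type", newOwner.type);
    url.searchParams.set("destination_user_id", String(newOwner.id));
  }
  const headers = {
    Authorization: `Bearer ${adminToken}`,
    Accept: "application/json",
    "X-Api-Version": "3",
  };
  return { url: url.toString(), options: { method: "DELETE", headers } };
}

// Revoke a token with a different credential, then confirm the retired secret
// is refused. `fetchImpl` is injectable so the flow can be exercised offline.
async function revokeAndVerify({ tokenId, adminToken, revokedSecret, newOwner }, fetchImpl = fetch) {
  // The endpoint rejects self-deletion (CANNOT_DESTROY_CURRENT_USER); fail early.
  if (adminToken === revokedSecret) {
    throw new Error("use a different credential: a token cannot delete itself");
  }
  const { url, options } = buildRevocation(tokenId, adminToken, newOwner);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`revocation failed: HTTP ${res.status} ${await res.text()}`);
  // Assumption: GET /site serves as the probe; the page only states that the
  // revoked secret receives 401 Unauthorized on its next request.
  const probe = await fetchImpl(`${API_BASE}/site`, {
    headers: { ...options.headers, Authorization: `Bearer ${revokedSecret}` },
  });
  return { deletedStatus: res.status, oldSecretRejected: probe.status === 401 };
}
```

Treat `oldSecretRejected: false` as a failed rotation and investigate before considering the secret retired.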