Show examples in:
Javascript HTTP
Endpoint info
Available examples
Content Management API > API token

Rotate API token

Rotates the secret value of an API token. The role and API surface flags are preserved; only the attributes.token value changes.

⚠️ The previous secret is invalidated immediately

Any client still using the old value will start receiving 401 Unauthorized on its very next request. Rotate during a deploy window where you can ship the new secret to all consumers atomically, or accept a brief outage for any caller you forget to update.

The new secret is returned in attributes.token of the response (and on every subsequent read, as long as the caller has can_manage_access_tokens).

Returns

Returns a resource object of type access_token

Examples

import { buildClient } from "@datocms/cma-client-node";


async function run() {
  const client = buildClient({ apiToken: process.env.DATOCMS_API_TOKEN });


  const accessTokenId = "312";


  const accessToken = await client.accessTokens.regenerateToken(accessTokenId);


  // Check the 'Returned output' tab for the result ☝️
  console.log(accessToken);
}


run();
{
  id: "312",
  name: "Read-only API token",
  hardcoded_type: "",
  can_access_cda: true,
  can_access_cda_preview: true,
  can_access_cma: true,
  last_cma_access: "never",
  last_cda_access: "never",
  role: { type: "role", id: "34" },
}
Did this doc help you?
Yes
No
Would you like to add more information?
Optional
To receive further updates or address your feedback, kindly share your email address with us.
Optional

If you need a reply, please contact support instead.

Need help?
Explore our forum, contact support, or connect with our sales team . You can also chat live with other users in our Slack channel.