Update an API token
Updates an API token's name, role, or API surface flags. The token's secret value is not affected — to rotate it, use the Rotate API token endpoint.
If you omit relationships from the payload, the token's existing role is preserved. Send relationships.role only when you want to reassign the token to a different role.
Changes to the role or surface flags take effect immediately. A request that was permitted under the previous configuration may be rejected on the very next call once the new permissions have been written.
The project's built-in factory tokens (those whose attributes.hardcoded_type is non-null) reject this endpoint with NON_EDITABLE_ACCESS_TOKEN. They can still be deleted or rotated.
Body parameters
Name of API token
"Read-only API token"
Whether this API token can call the Content Delivery API (graphql.datocms.com) to fetch published content.
Whether this API token can call the Content Delivery API with the X-Include-Drafts: true header to fetch draft (current, unpublished) content. There is no separate endpoint — the CDA is a single GraphQL endpoint and this flag governs whether requesting drafts is allowed.
Whether this API token can access the Content Management API
Returns
Returns a resource object of type access_token
Examples
import { buildClient } from "@datocms/cma-client-node";
async function run() { const client = buildClient({ apiToken: process.env.DATOCMS_API_TOKEN });
const accessTokenId = "312";
const accessToken = await client.accessTokens.update(accessTokenId, { id: "312", name: "Read-only API token", can_access_cda: true, can_access_cda_preview: true, can_access_cma: true, });
// Check the 'Returned output' tab for the result ☝️ console.log(accessToken);}
run();{ id: "312", name: "Read-only API token", hardcoded_type: "", can_access_cda: true, can_access_cda_preview: true, can_access_cma: true, last_cma_access: "never", last_cda_access: "never", role: { type: "role", id: "34" },}