Product Updates

DatoCMS changelog for new features and general improvements
Security API Clients Content Delivery API Content Management API

We no longer create a default full-access API token for new projects

May 5th, 2025

To promote safer and more intentional permission management, new DatoCMS projects will no longer generate a default full-access API token (i.e. one with both read and write permissions for all APIs).

Previously, new projects came with two tokens by default: a full-access token and a read-only token. From now on, only the read-only token will be created automatically. This change encourages users to explicitly define the scope of each token based on their specific needs.

🔒 Reminder:
Existing projects still have this legacy token. If you’re using it, we strongly recommend ensuring it’s used only in trusted environments.

Start using DatoCMS today
According to Gartner 89% of companies plan to compete primarily on the basis of customer experience this year. Don't get caught unprepared.
  • No credit card
  • Easy setup
Subscribe to our newsletter! 📥
One update per month. All the latest news and sneak peeks directly in your inbox.
support@datocms.com ©2025 Dato srl, all rights reserved P.IVA 06969620480