Security · API Clients · Content Delivery API · Content Management API
We no longer create a default full-access API token for new projects
May 5th, 2025
To promote safer and more intentional permission management, new DatoCMS projects will no longer generate a default full-access API token (i.e. one with both read and write permissions for all APIs).
Previously, new projects came with two tokens by default: a full-access token and a read-only token. From now on, only the read-only token will be created automatically. This change encourages users to explicitly define the scope of each token based on their specific needs.
🔒 Reminder:
Existing projects still have this legacy token. If you’re using it, we strongly recommend ensuring it’s used only in trusted environments.