Read-only Personal access tokens

Support
1

Hi there, when using the Netlify API, Personal access tokens seem to allow full access.
Is it possible to get a read-only token that could be used just for extracting site data?

(this particular user case is about allowing someone to fetch data from Netlify Forms)

Many thanks,
George

2

Hi George,

Yes this is possible. To create a read only token you can do the following:

  1. navigate to the ā€œUser settingsā€ section.
  2. click on the ā€œAccess tokensā€ tab and then click on the ā€œNew access tokenā€ button.
  3. select the permissions you want to grant it. In this case, you should only grant it the ā€œFormsā€ permission
  4. ā€œGenerate tokenā€
3

Thank you for the speedy response.
Seems too obvious! I see no option to grant permissions when I create a new token :frowning:

image
image1446Ɨ876 54 KB

4

I think that is a ā€˜Businessā€™ class feature (Netlify Pricing and Plans says that ā€˜role-based access controlā€™ is a feature of the ā€˜Businessā€™ plan).

5

Hi, @George_A daniel is right you need to be on a Business plan for specific role access. Sorry I didnā€™t catch that earlier.

6

Ohhhhh well spotted. Thank you! :slight_smile:

1 Like
7

Hello! Iā€™m on Enterprise and donā€™t see this option. I was wondering if I can get assistance enabling this. (referring to RBAC on personal access tokens)

8

Iā€™m afraid, @danielfdickinson1ā€™s solution is slightly off-the mark. Thereā€™s no way yet to set a read-only PAT, not on any plan. The feature that they talked about is about JWT Secret for RBAC for visitors which has nothing to do with PATs.

@Joroze, RBAC doesnā€™t exist for PATs yet.