Read-only Personal access tokens

Hi there, when using the Netlify API, Personal access tokens seem to allow full access.
Is it possible to get a read-only token that could be used just for extracting site data?

(this particular user case is about allowing someone to fetch data from Netlify Forms)

Many thanks,

Hi George,

Yes this is possible. To create a read only token you can do the following:

  1. navigate to the “User settings” section.
  2. click on the “Access tokens” tab and then click on the “New access token” button.
  3. select the permissions you want to grant it. In this case, you should only grant it the “Forms” permission
  4. “Generate token”

Thank you for the speedy response.
Seems too obvious! I see no option to grant permissions when I create a new token :frowning:

I think that is a ‘Business’ class feature (Netlify Pricing and Plans says that ‘role-based access control’ is a feature of the ‘Business’ plan).

Hi, @George_A daniel is right you need to be on a Business plan for specific role access. Sorry I didn’t catch that earlier.

Ohhhhh well spotted. Thank you! :slight_smile:

1 Like

Hello! I’m on Enterprise and don’t see this option. I was wondering if I can get assistance enabling this. (referring to RBAC on personal access tokens)

I’m afraid, @danielfdickinson1’s solution is slightly off-the mark. There’s no way yet to set a read-only PAT, not on any plan. The feature that they talked about is about JWT Secret for RBAC for visitors which has nothing to do with PATs.

@Joroze, RBAC doesn’t exist for PATs yet.