diff --git a/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md b/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
index a8764652cc..95149c290f 100644
--- a/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
+++ b/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
@@ -17,6 +17,11 @@ New API tokens are generated from the [admin panel](/user-docs/latest/settings/m
 
 When performing a request to Strapi's [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md), the API token should be added to the request's `Authorization` header with the following syntax: `bearer your-api-token`.
 
+::: note
+
+Read-only API tokens can only access the `find` and `findOne` functions.
+:::
+
 ## Configuration
 
 New API tokens are generated using a salt. This salt is automatically generated by Strapi and stored in `.env` as `API_TOKEN_SALT`.