From 5e7e35037f0149216e94433301cba1c5db927afe Mon Sep 17 00:00:00 2001
From: Shaun Brown <shaun.brown@strapi.io>
Date: Fri, 23 Sep 2022 16:28:22 +0200
Subject: [PATCH] Add callout for read-only API tokens

---
 .../configurations/optional/api-tokens.md                    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md b/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
index a8764652cc..95149c290f 100644
--- a/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
+++ b/docs/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md
@@ -17,6 +17,11 @@ New API tokens are generated from the [admin panel](/user-docs/latest/settings/m
 
 When performing a request to Strapi's [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md), the API token should be added to the request's `Authorization` header with the following syntax: `bearer your-api-token`.
 
+::: note
+
+Read-only API tokens can only access the `find` and `findOne` functions.
+:::
+
 ## Configuration
 
 New API tokens are generated using a salt. This salt is automatically generated by Strapi and stored in `.env` as `API_TOKEN_SALT`.