Access Control

API Token Permissions

Control exactly what each API token can do. Give team members the access they need without exposing your entire ad account.

Takes less than 2 minutes to set up

Why Access Control Matters

When multiple people or systems access your Meta Ads through the MCP, you need guardrails. Permission-scoped tokens let you define exactly what each token can do.

Team Safety

Give analysts read-only access so they can pull reports without accidentally modifying campaigns.

Automation Guardrails

Limit automated scripts to only the operations they need. A reporting bot should not be able to pause campaigns.

Client Isolation

Restrict tokens to specific ad accounts so a team member working on Client A cannot access Client B.

Read-Only Access

Read-Only API Tokens

The simplest way to share access safely. A read-only token can view campaigns, pull insights, and generate reports — but cannot create, update, or delete anything.

What Read-Only Tokens Can Do

  • View campaigns, ad sets, and ads
  • Pull performance insights and metrics
  • List ad accounts and their details
  • Search for campaigns by name or status
  • View ad creatives and their configurations
  • Generate performance reports

What Read-Only Tokens Cannot Do

  • Create new campaigns, ad sets, or ads
  • Update budgets, bids, or targeting
  • Pause or activate campaigns
  • Duplicate campaigns or ads
  • Upload creative assets
  • Delete or archive anything

How to Create a Read-Only Token

1. Go to Settings
   Navigate to Settings > API Tokens in your Pipeboard dashboard.

2. Create a new token
   Click "Generate Token" and give it a descriptive name like "Reporting Bot" or "Analyst - Sarah".

3. Select Read-Only permissions
   Toggle the permission mode to "Read-Only". This restricts the token to only viewing and reporting tools.

4. Share the token
   Copy and share the token with your team member or configure it in your automation tool.

Permission-scoped tokens are available on the Premium plan and above.

Custom Permissions

Fine-Grained Tool Access

Beyond read-only, you can select exactly which MCP tools each token has access to. Build tokens that match specific workflows.

Reporting Token

For analysts who need insights but should not modify campaigns.

  • get_campaigns
  • get_adsets
  • get_ads
  • get_insights
  • get_ad_creatives
  • get_account_info

Campaign Manager Token

For managers who need to view and adjust budgets and statuses.

  • get_campaigns
  • get_adsets
  • get_insights
  • update_campaign
  • update_adset
  • update_ad

Creative Ops Token

For creative teams uploading assets and managing ad content.

  • get_ads
  • get_ad_creatives
  • create_ad
  • create_ad_creative
  • upload_ad_image
  • upload_ad_video

Full Access Token

For trusted automation systems that need the complete toolset.

  • All 30+ tools
  • Including bulk operations
  • Including campaign creation
  • Including duplication
  • Including deletion
  • Including creative upload

Account Scoping

Per-Account Token Scoping

Restrict tokens to specific ad accounts. When a team member or automation tool uses a scoped token, they can only interact with the accounts you explicitly allow.

Built for Agency Workflows

Agencies managing multiple client accounts need strict boundaries. With per-account scoping, you create a dedicated token for each client or team member — ensuring complete isolation between accounts.

Sarah - Acme Corp

  • Accounts: act_123456 (Acme US), act_123457 (Acme EU)
  • Access: Full access

James - Widget Inc

  • Accounts: act_789012 (Widget Main)
  • Access: Read-only

Reporting Bot

  • Accounts: act_123456, act_789012, act_345678
  • Access: get_insights only

Combine Permissions with Account Scoping

The most powerful configuration: restrict both what a token can do and which accounts it can access. This gives you complete control over every integration point.

Example: Junior Media Buyer

Accounts: act_123456 (Sandbox Account)
Tools: get_campaigns, get_insights, update_campaign, update_adset

Can view and adjust campaigns in the sandbox account only.

Example: n8n Automation

Accounts: All 12 client accounts
Tools: get_campaigns, get_insights, get_adsets, get_ads

Can pull reporting data across all clients but cannot modify anything.

Per-account token scoping is available on the Enterprise plan.
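
The combined rule described above, as an added Python example that is not Pipeboard's code: a call is permitted only when both the tool and the ad account are on the token's lists, and an audit pass flags tokens meant to be read-only that hold write tools. The `Token` class, `is_allowed`, `audit`, and the `read_only` flag are hypothetical names; the write prefixes are inferred from the tool names listed on this page.

```python
# Added illustration: a local model of the token rules described on this page.
# Not Pipeboard's implementation; Token, is_allowed and audit are hypothetical.
from dataclasses import dataclass

# Prefixes of state-changing tools, taken from the tool names this page lists.
# The page names no tools for duplicate/delete; extend this from your own tool list.
WRITE_PREFIXES = ("create_", "update_", "upload_")

@dataclass(frozen=True)
class Token:
    name: str
    tools: frozenset         # MCP tool names the token may call
    accounts: frozenset      # ad account ids the token may touch
    read_only: bool = False  # what the owner intends the token to be

def is_allowed(token, tool, account):
    """Deny by default: the tool AND the account must both be listed."""
    return tool in token.tools and account in token.accounts

def audit(tokens):
    """Return (token name, finding) for tokens whose grants exceed their intent."""
    findings = []
    for t in tokens:
        writes = sorted(x for x in t.tools if x.startswith(WRITE_PREFIXES))
        if t.read_only and writes:
            findings.append((t.name, "read-only intent but holds: " + ", ".join(writes)))
    return findings

# Constructed inventory: two tokens mirroring this page's examples, one drifted.
JUNIOR = Token("Junior Media Buyer",
               frozenset({"get_campaigns", "get_insights",
                          "update_campaign", "update_adset"}),
               frozenset({"act_123456"}))
REPORTING = Token("Reporting Bot", frozenset({"get_insights"}),
                  frozenset({"act_123456", "act_789012", "act_345678"}),
                  read_only=True)
DRIFTED = Token("Analyst - Sarah", frozenset({"get_insights", "update_ad"}),
                frozenset({"act_789012"}), read_only=True)

if __name__ == "__main__":
    print(is_allowed(JUNIOR, "update_campaign", "act_123456"))     # tool and account listed
    print(is_allowed(JUNIOR, "update_campaign", "act_789012"))     # account out of scope
    print(is_allowed(REPORTING, "update_campaign", "act_123456"))  # tool not granted
    for name, finding in audit([JUNIOR, REPORTING, DRIFTED]):
        print(name + ": " + finding)
```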

Permission Levels at a Glance

Capability | Standard Token | Permission-Scoped | Account-Scoped
Read-only mode
Custom tool selection
Restrict to specific ad accounts
Combine permissions + accounts
Full tool access
Available on | All plans | Premium+ | Enterprise

Ready to secure your ad operations?

Set up permission-scoped API tokens and give your team the right level of access.