Webflow only has one API token that has all permissions. You should be able to generate read-only tokens, which would be better for security.

At minimum, we should be able to generate a READ+WRITE token, and a READ-ONLY token. But ideally should be able to manage any number of tokens so that different clients or environments can be given different tokens.