diff --git a/packages/core/admin/server/controllers/api-token.js b/packages/core/admin/server/controllers/api-token.js
index 6ac27b28bb..3c5c5be5dc 100644
--- a/packages/core/admin/server/controllers/api-token.js
+++ b/packages/core/admin/server/controllers/api-token.js
@@ -24,6 +24,7 @@ module.exports = {
       name: trim(body.name),
       description: trim(body.description),
       type: body.type,
+      permissions: body.permissions,
     };
 
     await validateApiTokenCreationInput(attributes);
diff --git a/packages/core/admin/server/validation/api-tokens.js b/packages/core/admin/server/validation/api-tokens.js
index dfc2e59481..d6ad64d4f6 100644
--- a/packages/core/admin/server/validation/api-tokens.js
+++ b/packages/core/admin/server/validation/api-tokens.js
@@ -15,6 +15,10 @@ const apiTokenCreationSchema = yup
       .string()
       .oneOf(Object.values(constants.API_TOKEN_TYPE))
       .required(),
+    permissions: yup
+      .array()
+      .of(yup.string())
+      .nullable(),
   })
   .noUnknown();
 
@@ -30,6 +34,10 @@ const apiTokenUpdateSchema = yup
       .string()
       .oneOf(Object.values(constants.API_TOKEN_TYPE))
       .notNull(),
+    permissions: yup
+      .array()
+      .of(yup.string())
+      .nullable(),
   })
   .noUnknown();