diff --git a/lib/configuration/hooks/dashboard/config/config.js b/lib/configuration/hooks/dashboard/config/config.js
new file mode 100644
index 0000000000..3759605799
--- /dev/null
+++ b/lib/configuration/hooks/dashboard/config/config.js
@@ -0,0 +1,56 @@
+'use strict';
+
+/**
+ * Returns the config for the dashboard.
+ */
+
+module.exports = function * () {
+
+ try {
+ // Init output object.
+ const output = {};
+
+ // Set the config.
+ output.settings = {
+ url: strapi.config.url,
+ i18n: strapi.config.i18n
+ };
+
+ // Set the models.
+ output.models = strapi.models;
+
+ // Format `config.api` for multi templates models.
+ _.forEach(strapi.api, function (api, key) {
+ if (api.templates) {
+ output.models[key].templates = {};
+ }
+
+ // Assign the template attributes with the model attributes.
+ _.forEach(api.templates, function (template, templateName) {
+ output.models[key].templates[templateName] = {};
+ output.models[key].templates[templateName].attributes = {};
+ _.forEach(template.attributes, function (value, attributeKey) {
+ output.models[key].templates[templateName].attributes[attributeKey] = _.cloneDeep(output.models[key].attributes[attributeKey]);
+ });
+ output.models[key].templates[templateName].displayedAttribute = template.displayedAttribute;
+ });
+ });
+
+ // User count.
+ const promises = [];
+ promises.push(strapi.orm.collections.user.count());
+
+ // Execute promises.
+ const response = yield promises;
+
+ // Define if the app is considered as new.
+ const userCount = response[0];
+ output.settings.isNewApp = !userCount;
+
+ // Finally send the result in the callback.
+ this.body = output;
+ } catch (err) {
+ this.status = 500;
+ this.body = err;
+ }
+};
diff --git a/lib/configuration/hooks/dashboard/config/index.js b/lib/configuration/hooks/dashboard/config/index.js
new file mode 100644
index 0000000000..5c6d36a340
--- /dev/null
+++ b/lib/configuration/hooks/dashboard/config/index.js
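Review bot: The catch block at the end of this new controller assigns the caught error straight to the response (`this.body = err;`), so whatever fields an ORM or runtime error exposes are returned to the client; log it server-side and answer with a fixed body, e.g. `this.body = { message: 'Unable to load the dashboard config.' };`. `output.models = strapi.models;` also aliases the live model registry rather than copying it, so the `templates` assignments in the loop are written into global state on every request; `output.models = _.cloneDeep(strapi.models);` keeps the response a private copy. Note that `_` is used here without a `require('lodash')` in the file; unless it is a global, the first `_.forEach` throws under `'use strict'` and ends up in that same catch.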
@@ -0,0 +1,9 @@
+'use strict';
+
+/**
+ * Index of the explorer hook config actions.
+ */
+
+module.exports = {
+ config: require('./config')
+};
diff --git a/lib/configuration/hooks/dashboard/explorer/count.js b/lib/configuration/hooks/dashboard/explorer/count.js
index ca9fed7a5c..60444e1dd3 100644
--- a/lib/configuration/hooks/dashboard/explorer/count.js
+++ b/lib/configuration/hooks/dashboard/explorer/count.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Count entries of a model.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/create.js b/lib/configuration/hooks/dashboard/explorer/create.js
index a158bd38cd..f19896a729 100644
--- a/lib/configuration/hooks/dashboard/explorer/create.js
+++ b/lib/configuration/hooks/dashboard/explorer/create.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Create a new entry.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/destroy.js b/lib/configuration/hooks/dashboard/explorer/destroy.js
index cd65985a35..b06771da11 100644
--- a/lib/configuration/hooks/dashboard/explorer/destroy.js
+++ b/lib/configuration/hooks/dashboard/explorer/destroy.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Destroy a specific entry.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/find.js b/lib/configuration/hooks/dashboard/explorer/find.js
index 56831046d8..1b159b4fcb 100644
--- a/lib/configuration/hooks/dashboard/explorer/find.js
+++ b/lib/configuration/hooks/dashboard/explorer/find.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * List every entries of a model.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/findOne.js b/lib/configuration/hooks/dashboard/explorer/findOne.js
index 1ad455aa9e..cecce7b5e3 100644
--- a/lib/configuration/hooks/dashboard/explorer/findOne.js
+++ b/lib/configuration/hooks/dashboard/explorer/findOne.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Show a specific entry.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/index.js b/lib/configuration/hooks/dashboard/explorer/index.js
index c6055d0d8d..05dee79065 100644
--- a/lib/configuration/hooks/dashboard/explorer/index.js
+++ b/lib/configuration/hooks/dashboard/explorer/index.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Index of the explorer hook explorer actions.
 */
diff --git a/lib/configuration/hooks/dashboard/explorer/update.js b/lib/configuration/hooks/dashboard/explorer/update.js
index f72bb32892..349cc216f0 100644
--- a/lib/configuration/hooks/dashboard/explorer/update.js
+++ b/lib/configuration/hooks/dashboard/explorer/update.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Update a specific entry.
 */
diff --git a/lib/configuration/hooks/dashboard/index.js b/lib/configuration/hooks/dashboard/index.js
index 91e66d4f6d..d269c1cd90 100644
--- a/lib/configuration/hooks/dashboard/index.js
+++ b/lib/configuration/hooks/dashboard/index.js
@@ -7,6 +7,7 @@
 // Local dependencies.
 const explorerActions = require('./explorer/index');
 const routesActions = require('./routes/index');
+const configActions = require('./config/index');
 
 /**
 * Public explorer hook
@@ -24,38 +25,44 @@ module.exports = function (strapi) {
 // Data explorer routes.
 'GET /dashboard/explorer/:model/count': {
 controller: explorerActions.count,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'POST /dashboard/explorer/:model': {
 controller: explorerActions.create,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'DELETE /dashboard/explorer/:model/:id': {
 controller: explorerActions.destroy,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'GET /dashboard/explorer/:model': {
 controller: explorerActions.find,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'GET /dashboard/explorer/:model/:id': {
 controller: explorerActions.findOne,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'PUT /dashboard/explorer/:model': {
 controller: explorerActions.update,
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 // Routes and permissions routes.
 'GET /dashboard/routes': {
 controller: routesActions.find,
 action: 'find',
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
 },
 'PUT /dashboard/routes': {
 controller: routesActions.update,
 action: 'update',
- policies: ['isAuthorized']
+ policies: ['dashboardToken', 'isAuthorized']
+ },
+ // Config routes
+ 'GET /dashboard/config': {
+ controller: configActions.config,
+ action: 'index',
+ policies: ['dashboardToken']
 }
 }
 },
diff --git a/lib/configuration/hooks/dashboard/policies/dashboardToken.js b/lib/configuration/hooks/dashboard/policies/dashboardToken.js
new file mode 100644
index 0000000000..60aab23e09
--- /dev/null
+++ b/lib/configuration/hooks/dashboard/policies/dashboardToken.js
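Review bot: `GET /dashboard/config` is the only route here guarded by `['dashboardToken']` without `isAuthorized`, yet its controller returns the full model definitions and an `isNewApp` flag derived from the user count. If that is deliberate (the dashboard presumably needs it before any user exists), a comment above the route should say so, for example `// No isAuthorized: must be readable before the first user is created.`, and the response is worth trimming to what an unauthenticated client needs. `action: 'index'` also differs from the exported name `config`, unlike the `find`/`update` entries above it. The route table sits inside `module.exports = function (strapi)`, which starts and ends outside this hunk.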
@@ -0,0 +1,23 @@
+'use strict';
+
+/**
+ * Policy used to check if the `dashboardToken` field is valid.
+ *
+ * @param next
+ */
+
+module.exports = function * (next) {
+ // Format dashboardToken variables.
+ const dashboardTokenParam = this.request.query.dashboardToken || this.request.body.dashboardToken;
+ const dashboardTokenConfig = strapi.config.dashboard && strapi.config.dashboard.token;
+
+ // Check dashboardToken for security purposes.
+ if (!dashboardTokenParam || !dashboardTokenConfig || dashboardTokenParam !== dashboardTokenConfig) {
+ this.status = 401;
+ this.body = {
+ message: 'dashboardToken parameter is invalid.'
+ };
+ } else {
+ yield next;
+ }
+};
diff --git a/lib/configuration/hooks/dashboard/routes/index.js b/lib/configuration/hooks/dashboard/routes/index.js
index 46c8a17508..4e1d0b2d10 100644
--- a/lib/configuration/hooks/dashboard/routes/index.js
+++ b/lib/configuration/hooks/dashboard/routes/index.js
@@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Index of the explorer hook routes actions.
 */
diff --git a/lib/configuration/hooks/router/index.js b/lib/configuration/hooks/router/index.js
index 4f338320ee..7ab2af8847 100644
--- a/lib/configuration/hooks/router/index.js
+++ b/lib/configuration/hooks/router/index.js
@@ -9,6 +9,7 @@ const _ = require('lodash');
 
 // Local utilities.
 const regex = require('../../../../util/regex');
+const dashboardTokenPolicy = require('../dashboard/policies/dashboardToken');
 
 /**
 * Router hook
@@ -61,6 +62,11 @@ module.exports = function (strapi) {
 };
 }
 
+ // Add the `dashboardPolicy` to the list of policies.
+ if (strapi.config.dashboard.enabled) {
+ strapi.policies.dashboardToken = dashboardTokenPolicy;
+ }
+
 // Parse each route from the user config, load policies if any
 // and match the controller and action to the desired endpoint.
 _.forEach(strapi.config.routes, function (value, endpoint) {
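Review bot: The token check in dashboardToken.js compares the secret with `dashboardTokenParam !== dashboardTokenConfig`, which can stop at the first differing character and is therefore not constant-time; where the runtime provides it, compare equal-length buffers with `crypto.timingSafeEqual` after rejecting non-string or wrong-length input. The token is also read from `this.request.query`, so it ends up in access logs, browser history and Referer headers; reading it from a request header would avoid that. If no body parser has populated `this.request.body`, a request without the query parameter throws on `this.request.body.dashboardToken` and yields a 500 rather than the intended 401; `(this.request.body || {}).dashboardToken` guards it.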
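Review bot: In the second router/index.js hunk, `strapi.config.dashboard.enabled` is dereferenced without checking that `strapi.config.dashboard` exists, while the policy file in this same commit guards it with `strapi.config.dashboard && …`; an app with no dashboard section would throw a TypeError here during router setup. Use `if (strapi.config.dashboard && strapi.config.dashboard.enabled) {`. The comment names `dashboardPolicy` but the key registered is `dashboardToken`, and since the assignment writes into the shared `strapi.policies` map it is worth stating whether a user-defined policy of the same name is meant to be able to replace it. The enclosing function continues outside the hunk.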