diff --git a/packages/core/admin/server/controllers/api-token.js b/packages/core/admin/server/controllers/api-token.js
index 3c5c5be5dc..9f82f17e75 100644
--- a/packages/core/admin/server/controllers/api-token.js
+++ b/packages/core/admin/server/controllers/api-token.js
@@ -86,6 +86,11 @@ module.exports = {
       attributes.description = trim(body.description);
     }
 
+    // Don't allow updating lastUsed time
+    if (has(attributes, 'lastUsed')) {
+      throw new ApplicationError('lastUsed cannot be updated');
+    }
+
     await validateApiTokenUpdateInput(attributes);
 
     const apiTokenExists = await apiTokenService.getById(id);