diff --git a/src/content/docs/analytics/graphql-api/getting-started/authentication/api-token-auth.mdx b/src/content/docs/analytics/graphql-api/getting-started/authentication/api-token-auth.mdx
index 6cab9ebe618b9c0..8f06bb279c74276 100644
--- a/src/content/docs/analytics/graphql-api/getting-started/authentication/api-token-auth.mdx
+++ b/src/content/docs/analytics/graphql-api/getting-started/authentication/api-token-auth.mdx
@@ -51,7 +51,9 @@ The **Create Custom Token** page displays:
 
 1. Enter a descriptive name for your token in the **Token name** text input field.
 
-2. To configure access to the GraphQL Analytics API, use the **Permissions** drop-down lists. To set permissions for the GraphQL Analytics API, select *Analytics* from the second drop-down list.
+2. To configure access to the GraphQL Analytics API, use the **Permissions** drop-down lists.
+
+3. To set permissions for the GraphQL Analytics API, select **Account** in the first drop-down list, **Analytics** from the second drop-down list, and **Read** from the third.
 
 This example scopes zone-level permissions for read access to the Analytics API: