Airtable API key deprecation notice

To check the status of your migrated connections in Zapier, you can navigate to your Zapier dashboard and click on "Test" next to the account. Zapier will attempt to make a connection with the associated Airtable integration. If the connection is successful, you'll see a message like "Success! Your account is working properly." If there's an issue, Zapier should provide an error message detailing the problem. Please refer to Zapier’s instructions to Test your app connection for failures.

To check your connected accounts in Airtable, click on your Profile picture in the top-right corner of Airtable, click “Integrations”, then "Third-party integrations”. From here, you can view integrations that have already been converted to OAuth authorizations, revoke access, or limit access to specific bases and workspaces: see this support article for more details

For Enterprise Scale customers, after the migration, Zapier will be controlled under the Disable API access for third-party integrations setting in your enterprise’s OAuth settings.

This setting applies to OAuth integrations, not legacy user API keys. If your enterprise has blocked API access for third-party integrations and has not added Zapier to the Third-party integration allowlist, you might start seeing failures. The API error will be OAUTH_INTEGRATION_NOT_ALLOWED_FOR_ENTERPRISE, and the message will be "This OAuth integration is restricted by the enterprise that the authorized user belongs to. The authorized user needs to request their enterprise admin to allow this integration."

To prevent this, as an Airtable Admin, you can allowlist Zapier ahead of time. To do this:

1. Navigate to Admin Panel and click on Settings. 

2. Then click on Integrations & development. 

3. Scroll down to Block API access for all third-party integrations. If this setting is toggled on and you wish to allow Zapier, add the Zapier integration to the Third party integration allowlist by providing the Client ID b8128479-33a9-493c-8f95-2e6309c37c99.

As a non-Admin user, you can view whether or not your Zapier integration is being blocked by this Enterprise Admin setting by clicking on your Profile picture in Airtable -> Integrations -> Third party integrations. If the integration is authorized with a Service Account, you'll need to ask an Enterprise Admin to view the Users page of the Admin panel to view the Service Account’s OAuth Integrations.

Please note that these types of connections using legacy user API keys would be expected to stop working regardless of when the legacy API keys are fully deprecated on February 1st, 2024. Zapier has been sending advance notice emails about this migration

Personal Access Tokens and OAuth provide a higher standard for security over API Keys, which were the predecessors that provided “all-or-nothing” access over everything that an Airtable user account could see or do. These new methods have more granular control of resources and scopes and allow you to extend Airtable, all while ensuring the highest grade of security.

Anyone using API Keys will be affected by this change. This could be you as an end-user, or some other end-user for whom you have built an existing integration upon the Airtable API.

Third-party services need to migrate to using OAuth for authentication - many partners are already working on this.

We recommend that you contact the third-party services currently supporting API keys and request that they add OAuth support before our deprecation period ends. As a reminder, API keys can still be utilized until February 2024. So, until then, no direct action is needed to ensure that your existing integrations will work related to this change.

• As a user - After the third-party service has migrated to using OAuth, then you can re-connect with Airtable from the third-party website/app/etc. Here are guides written by Zapier, Make, and Fivetran on how to migrate your usage

• As a developer - Please refer to this guide on how to implement OAuth with Airtable.

You will need to update your API integrations to use personal access tokens instead of API keys before February 2024.

Personal access tokens can be created at https://airtable.com/create/tokens. After a PAT has been created, you can use it to authorize your API requests, replacing the way that API keys were used in the past. You can find more information in this guide.

If you are an enterprise admin, you can also create a personal access token for a service account from the Admin Panel.

Note

If you were previously passing your API key as a query parameter, you will also need to update your API requests to pass the personal access token via the HTTP authorization bearer header instead. More information is available here.

Unlike legacy API keys, which have the same access as your Airtable account, you can limit and configure the access of your personal access tokens. You can do this by selecting the scopes (what endpoints the token can use) and access/resources (which bases and workspaces the token can access) when creating or updating a token. 

Regardless of the scopes and access a user selects for their token, the token will only be able to perform actions that the user themselves is allowed to do. For example, to create a new field in a base via the API, the user must be a Creator collaborator in the base, plus the token must have the schema.bases:write scope and the base added as a resource. 

For more information about how scopes and access work, see the Authentication developer reference. For more information about configuring your token's access, refer to the personal access tokens guide.

We understand this is a big change, so we’ll be sending out more actionable details in the coming weeks to make this transition as smooth as possible. Keep a lookout for an email from team@mail.airtable.com soon (Mid-February 2023).