Creating a read-only API key
  • 15 Nov 2022
  • 2 Minutes to read
  • Dark

Creating a read-only API key

  • Dark

Your Airtable API key allows you to use our Web API to create, fetch, update, and delete records in the bases you have access to in Airtable. Your API key follows the same permissions that your account has in the Airtable UI: if you have read-only permissions in a base, the only action you can take with the API for that base is fetching records (not updating, or creating, or deleting records). If you have Creator permissions and can create, update, and delete records in a base in the Airtable UI, then you will be able to perform all of those actions in that base via the API.

There are several third-party integrations that interact with Airtable via the API, and they will often ask for your API key as part of the integration process.


It's important to understand that your API key provides full access to these operations in all of the bases your account has access to, so your API key should only be shared with third-party services and applications that you trust.

Each Airtable account only has one API key. It’s not currently possible to add restrictions to the scope of your account’s API key, but the steps below outline a method for generating a new API key with restricted permissions by creating a separate account.


1. Create a new Airtable account

Log out of your personal Airtable account and head to to create a new account, using a different email address than you normally use to log into Airtable.

2. Generate an API key for this new account

Once you've created the new account and logged in, head to the account page and generate an API key. More detailed instructions can be found here. Make note of this API key and keep it handy.


3. Add the read-only account as a base collaborator

While logged into your personal Airtable account again, add this new account as a read-only collaborator on the base that needs to be accessed with the integration you want to configure. In this case, it's best to add the read-only account as a base collaborator, rather than a workspace collaborator. If you add the account as a workspace collaborator, it will have access to all bases in a workspace (including bases that will be created in the future).


As long as you add the account at the read-only permissions level, this will not affect your billing if your workspace is on the Plus or Pro plan.<

4. Use this new account's API key in your integration

When prompted for "your Airtable API key" in setting up a new integration, use the API key that you generated for this new account, rather than the API key for your personal Airtable account. This way, the integration can only access bases that are explicitly shared with this new account, rather than all of the bases that you can access with your personal Airtable account.

your title goes here

Users connected to Enterprise accounts can use the Enterpise API to clear and/or regenerate API keys for a specified user.

Was this article helpful?