Creating and using API keys and access tokens
  • 23 Aug 2023

Article Summary

Learn how to set up and manage Personal Access Tokens in Airtable. 


Plan availability: All plan types. Certain features are only available to Enterprise Scale or Business plan customers.

Permission contingent - The scopes and access that you can set up with personal access tokens will reflect the permissions that you have in the various workspaces and bases connected to your Airtable account.

Platform(s): Web/Browser, Mac app, and Windows app
Related reading

API key deprecation

On January 18th, 2023, we began the deprecation period of user API keys. Related to this, webhooks created by user API keys in Legacy Enterprise bases will expire at the end of this period.

Since this is a major change to the Airtable API, the deprecation period will last for 12 months and end on Feb 1, 2024. While there are no immediate actions you need to take right now as we work to make this transition as smooth as possible, we recommend all users begin migrating away from legacy API keys to our new API authentication methods.

Understanding Personal Access Token basic actions

Personal Access Tokens or PATs allow users to create multiple access tokens that allow for a wide range of access to the information held in Airtable bases. For example, on the narrow end, you can create a PAT that only has a single scope to a single base in Airtable. On the deep end, however, you could have a "master" token that has access to a workspace with all available scopes included.

Find/create PATs
  1. With Airtable open, click on your account in the upper right corner of the screen. Here you'll see a dropdown menu appear. Click the Developer hub option. Or if you are currently signed into Airtable, you can click here to access the developer hub.
  2. This will bring you to the Personal Access Tokens page of the hub. From here you'll click the blue + Create new token option near the top right portion of the screen.
  3. This will open configuration options for the PAT that you are creating. 
  4. First name the PAT, then choose the scopes you'd like this PAT to have access to. More information on which scopes we currently offer can be found here.
  5. Finally, choose what level of access this PAT will have. Options include choosing a single base, multiple bases (even bases from different workspaces), all of the current and future bases in a workspace you own, or even all of the bases from any workspace that you own including bases/workspace added in the future.
    Only admins can choose the option to add the Airtable enterprise. This allows admins special access to also include workspaces and bases added to their organization over time.
Modify PATs
  1. From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click that token's name.
  2. Next, modify the name, scopes, or access for the PAT. Note that you can add or remove scopes and access.
  3. Once you are satisfied with the changes be sure to click Save changes.
Regenerate or delete PATs
  1. From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click the three-dot spillover to the far right side of that PAT.
  2. From here, click the option you need to use.
  3. Regenerating a token will cause a warning message to appear. Remember that any services currently using this token will need to be updated with the new token that is generated.
  4. Deleting a token will also cause a warning message to appear. Any services currently using this token to access data in Airtable will no longer be able to after you press Delete.

API key basic actions

Airtable API keys allow you to use Airtable's Web API to create, fetch, update, and delete records in the bases you have access to in Airtable. API keys follow the same permissions that an account has in Airtable.

Airtable has additional secure alternatives described in our OAuth integration and the Personal Access Token section above. In February 2023, we began the deprecation period of user API keys, so we recommend using one of those options instead.
Find/generate your API key
Do not share your API key with anyone (including anyone at Airtable) since it's effectively a password that allows access to all your bases. If you accidentally reveal your API key, you should regenerate your API key as soon as possible at
  1. To find your API key, navigate to your account page. On your account overview page, under the API heading, there's a button that says Generate API key.
  2. Clicking this button will generate an API key for you.
Regenerating an API key

Once you've generated a key, you have the option of regenerating your key or deleting your key. To regenerate your key, click the Regenerate API key option. This will bring up a warning that regenerating your key will break your API integrations. Click the blue Yes, regenerate key button to confirm your key regeneration.


Deleting an API key

To delete your key, click the Delete key option. This will bring up a warning that deleting your key will break your API integrations. Click the red Yes, delete key button to confirm your key deletion.


Creating a read-only API key

Rather than using the workaround highlighted in this section, for Enterprise Scale customers we highly recommend that you use our service accounts feature to accomplish this instead.

Currently, each Airtable account only has one API key. The steps below outline a method for generating a new API key with restricted permissions by creating a separate account. Several third-party integrations interact with Airtable via the API and often ask for your API key as part of the integration process; this method can be helpful in those cases.


It's important to understand that your API key provides full access to these operations on all of the bases your account has access to, so your API key should only be shared with third-party services and applications that you trust.

Create a new Airtable account

Log out of your personal Airtable account and head to to create a new account, using a different email address than you normally use to log into Airtable.

Generate an API key for this new account

Once you've created the new account and logged in, head to the account page and generate an API key. More detailed instructions can be found here. Make note of this API key and keep it handy.


Add the read-only account as a base collaborator

While logged into your personal Airtable account again, add this new account as a read-only collaborator on the base that needs to be accessed with the integration you want to configure. In this case, it's best to add the read-only account as a base collaborator, rather than a workspace collaborator. If you add the account as a workspace collaborator, it will have access to all bases in a workspace (including bases that will be created in the future).

As long as you add the account at the read-only permissions level, this will not affect your billing if your workspace is on the Plus or Pro plan.
Use this new account's API key in your integration

When prompted for "your Airtable API key" in setting up a new integration, use the API key that you generated for this new account, rather than the API key for your personal Airtable account. This way, the integration can only access bases that are explicitly shared with this new account, rather than all of the bases that you can access with your personal Airtable account.


Users connected to Enterprise Scale accounts can use the Enterprise API to clear and/or regenerate API keys for a specified user.


What can my personal access tokens access?

Unlike legacy API keys, which have the same access as your Airtable account, you can limit and configure the access of your personal access tokens. You can do this by selecting the scopes (what endpoints the token can use) and access/resources (which bases and workspaces the token can access) when creating or updating a token. 

Regardless of the scopes and access a user selects for their token, the token will only be able to perform actions that the user themselves is allowed to do. For example, to create a new field in a base via the API, the user must be a Creator collaborator in the base, plus the token must have the schema.bases:write scope and the base added as a resource. 
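
The three conditions described above (token scope, token resource, and the user's own permission) can be modelled as a single check. This is an added example, not Airtable's code: the permission ordering, the scope-to-permission mapping other than schema.bases:write requiring Creator, and the base IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering of collaborator levels, lowest to highest.
LEVELS = ["none", "read-only", "commenter", "editor", "creator", "owner"]

# Minimum collaborator level assumed to be needed for each scope.
# Only the schema.bases:write -> creator pairing is stated in the article.
MIN_LEVEL = {
    "data.records:read": "read-only",
    "data.records:write": "editor",
    "schema.bases:read": "read-only",
    "schema.bases:write": "creator",
}

@dataclass
class Token:
    scopes: set   # endpoints the token may use
    bases: set    # base IDs added to the token as resources

@dataclass
class User:
    permissions: dict = field(default_factory=dict)  # base ID -> level

def check(user, token, scope, base):
    """Return (allowed, reason). All three conditions must hold."""
    if scope not in MIN_LEVEL:
        return False, "unknown scope"
    if scope not in token.scopes:
        return False, "token lacks scope"
    if base not in token.bases:
        return False, "base not a token resource"
    have = user.permissions.get(base, "none")
    if have not in LEVELS:
        have = "none"  # treat unrecognised levels as no access
    if LEVELS.index(have) < LEVELS.index(MIN_LEVEL[scope]):
        return False, "user permission too low"
    return True, "ok"

# Constructed sample data (hypothetical base IDs).
alice = User({"appCONSTRUCTED001": "creator", "appCONSTRUCTED002": "editor"})
pat = Token(scopes={"data.records:read", "schema.bases:write"},
            bases={"appCONSTRUCTED001", "appCONSTRUCTED002"})

if __name__ == "__main__":
    for scope, base in [("schema.bases:write", "appCONSTRUCTED001"),
                        ("schema.bases:write", "appCONSTRUCTED002"),
                        ("data.records:write", "appCONSTRUCTED001"),
                        ("data.records:read", "appCONSTRUCTED003")]:
        print(scope, base, check(alice, pat, scope, base))
```

The second case is the one that surprises people in practice: the token carries the scope and the base, yet the call is denied because the user is only an editor on that base.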

For more information about how scopes and access work, see the Authentication developer reference. For more information about configuring your token's access, refer to the personal access tokens guide.
