Account
Account overview Billing Policies
API
API Overview Get your API key Documentation Troubleshooting
Integrations
Resources Community
Enterprise
Admin Panel Enterprise Plans Airtable Security Terms of Service Privacy Policy
Resources
Community Marketplace Templates Universe

Creating and using API keys and access tokens

07 Mar 2023
7 Minutes to read

Print
Dark

Light

Creating and using API keys and access tokens

Updated on 07 Mar 2023
7 Minutes to read

Print
Dark

Light

Learn how to set up and manage Personal Access Tokens in Airtable.

Introduction

Plan availability	All plan types. Certain features are only available to Enterprise customers.
Permissions	Permission contingent - The scopes and access that you can set up with personal access tokens will reflect the permissions that you have in the various workspaces and bases connected to your Airtable account.
Platform(s)	Web/Browser, Mac app, and Windows app
Related reading	Scopes developer documentation - More technical information related to scopes in Airtable. Service accounts overview - Help article that explains how Airtable admins can set up non-user accounts that can access Airtable's APIs. Third-party integrations via OAuth overview - Help article that discusses the broader ways to manage which third-party integrations have access to your Airtable data.

API key deprecation

On January 18th, 2023, we began the deprecation period of user API keys. Related to this, webhooks created by user API keys in enterprise bases will expire at the end of this period.

Since this is a major change to the Airtable API, the deprecation period will last for 12 months and end on Feb 1, 2024. While there are no immediate actions you need to take right now as we work to make this transition as smooth as possible, we recommend all users begin migrating away from legacy API Keys to our new API authentication methods.

Personal Access Tokens basic actions

Personal Access Tokens or PATs allow users to create multiple access tokens that allow for a wide range of access to the information held in Airtable bases. For example, on the narrow end, you can create a PAT that only has a single scope to a single base in Airtable. On the deep end, however, you could have a "master" token that has access to a workspace with all available scopes included.

Find/create PATs

With Airtable open, click on your account in the upper right corner of the screen. Here you'll see a dropdown menu appear. Click the Developer hub option. Or if you are currently signed into Airtable, you can click here to access the developer hub.
This will bring you to the Personal Access Tokens page of the hub. From here you'll click the blue + Create new token option near the top right portion of the screen.
This will open configuration options for the PAT that you are creating.
First name the PAT, then choose the scopes you'd like this PAT to have access to. More information on which scopes we currently offer can be found here.
Finally, choose what level of access this PAT will have. Options include choosing a single base, multiple bases (even bases from different workspaces), all of the current and future bases in a workspace you own, or even all of the bases from any workspace that you own including bases/workspace added in the future.
Note
Only Enterprise admins can choose the option to add the Airtable enterprise. This allows admins special access to also include workspaces and bases added to their organization over time.

Modify PATs

From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click that token's name.
Next, modify the name, scopes, or access for the PAT. Note that you can add or remove scopes and access.
Once you are satisfied with the changes be sure to click Save changes.

Regenerate or delete PATs

From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click the three-dot spillover to the far right side of that PAT.
From here, click the option you need to use.
Regenerating a token will cause a warning message to appear. Remember that any services currently using this token will need to be updated with the new token that is generated.
Deleting a token will also cause a warning message to appear. Any services currently using this token to access data in Airtable will no longer be able to after you press Delete.

API key basic actions

Airtable API keys allow you to use Airtable's Web API to create, fetch, update, and delete records in the bases you have access to in Airtable. API keys follow the same permissions that an account has in Airtable.

Note

Airtable has additional secure alternatives described in our OAuth integration and the Personal Access Token section above. In February 2023, we began the deprecation period of user API keys, so we recommend using one of those options instead.

Find/generate your API key

Note

Do not share your API key with anyone (including anyone at Airtable) since it's effectively a password that allows access to all your bases. If you accidentally reveal your API key, you should regenerate your API key as soon as possible at https://airtable.com/account

To find your API key, navigate to your account page. On your account overview page, under the <>API heading, there's a button that says Generate API key.
Clicking this button will generate an API key for you.

Regenerating an API key

Once you've generated a key, you have the option of regenerating your key or deleting your key. To regenerate your key, click the Regenerate API key option. This will bring up a warning that regenerating your key will break your API integrations. Click the blue Yes, regenerate key button to confirm your key regeneration.

Deleting an API key

To delete your key, click the Delete key option. This will bring up a warning that deleting your key will break your API integrations. Click the red Yes, delete key button to confirm your key deletion.

Creating a read-only API key

Note

Rather than using the workaround highlighted in this section, we highly recommend that you use our service accounts feature to accomplish this instead.

Currently, each Airtable account only has one API key. The steps below outline a method for generating a new API key with restricted permissions by creating a separate account. There are several third-party integrations that interact with Airtable via the API, and they will often ask for your API key as part of the integration process where this process might be helpful.

NOTE

It's important to understand that your API key provides full access to these operations on all of the bases your account has access to, so your API key should only be shared with third-party services and applications that you trust.

Create a new Airtable account

Log out of your personal Airtable account and head to https://airtable.com/signup to create a new account, using a different email address than you normally use to log into Airtable.

Generate an API key for this new account

Once you've created the new account and logged in, head to the account page and generate an API key. More detailed instructions can be found here. Make note of this API key and keep it handy.

Add the read-only account as a base collaborator

While logged into your personal Airtable account again, add this new account as a read-only collaborator on the base that needs to be accessed with the integration you want to configure. In this case, it's best to add the read-only account as a base collaborator, rather than a workspace collaborator. If you add the account as a workspace collaborator, it will have access to all bases in a workspace (including bases that will be created in the future).

Note

As long as you add the account at the read-only permissions level, this will not affect your billing if your workspace is on the Plus or Pro plan.

Use this new account's API key in your integration

When prompted for "your Airtable API key" in setting up a new integration, use the API key that you generated for this new account, rather than the API key for your personal Airtable account. This way, the integration can only access bases that are explicitly shared with this new account, rather than all of the bases that you can access with your personal Airtable account.

Note

Users connected to Enterprise accounts can use the Enterpise API to clear and/or regenerate API keys for a specified user.

FAQs

What can my personal access tokens access?

Unlike legacy API keys, which have the same access as your Airtable account, you can limit and configure the access of your personal access tokens. You can do this by selecting the scopes (what endpoints the token can use) and access/resources (which bases and workspaces the token can access) when creating or updating a token.

Regardless of the scopes and access a user selects for their token, the token will only be able to perform actions that the user themselves is allowed to do. For example, to create a new field in a base via the API, the user must be a Creator collaborator in the base, plus the token must have the schema.bases:write scope and the base added as a resource.

For more information about how scopes and access work, see the Authentication developer reference. For more information about configuring your token's access, refer to the personal access tokens guide.

Was this article helpful?

What's Next

Service accounts overview

Table of contents

Introduction
API key deprecation
Personal Access Tokens basic actions
API key basic actions
Creating a read-only API key
FAQs