- 07 Mar 2023
- 7 Minutes to read
Creating and using API keys and access tokens
- Updated on 07 Mar 2023
- 7 Minutes to read
Learn how to set up and manage Personal Access Tokens in Airtable.
|Plan availability||All plan types. Certain features are only available to Enterprise customers.|
Permission contingent - The scopes and access that you can set up with personal access tokens will reflect the permissions that you have in the various workspaces and bases connected to your Airtable account.
|Platform(s)||Web/Browser, Mac app, and Windows app|
API key deprecation
On January 18th, 2023, we began the deprecation period of user API keys. Related to this, webhooks created by user API keys in enterprise bases will expire at the end of this period.
Since this is a major change to the Airtable API, the deprecation period will last for 12 months and end on Feb 1, 2024. While there are no immediate actions you need to take right now as we work to make this transition as smooth as possible, we recommend all users begin migrating away from legacy API Keys to our new API authentication methods.
Personal Access Tokens basic actions
Personal Access Tokens or PATs allow users to create multiple access tokens that allow for a wide range of access to the information held in Airtable bases. For example, on the narrow end, you can create a PAT that only has a single scope to a single base in Airtable. On the deep end, however, you could have a "master" token that has access to a workspace with all available scopes included.
- With Airtable open, click on your account in the upper right corner of the screen. Here you'll see a dropdown menu appear. Click the Developer hub option. Or if you are currently signed into Airtable, you can click here to access the developer hub.
- This will bring you to the Personal Access Tokens page of the hub. From here you'll click the blue + Create new token option near the top right portion of the screen.
- This will open configuration options for the PAT that you are creating.
- First name the PAT, then choose the scopes you'd like this PAT to have access to. More information on which scopes we currently offer can be found here.
- Finally, choose what level of access this PAT will have. Options include choosing a single base, multiple bases (even bases from different workspaces), all of the current and future bases in a workspace you own, or even all of the bases from any workspace that you own including bases/workspace added in the future.NoteOnly Enterprise admins can choose the option to add the Airtable enterprise. This allows admins special access to also include workspaces and bases added to their organization over time.
- From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click that token's name.
- Next, modify the name, scopes, or access for the PAT. Note that you can add or remove scopes and access.
- Once you are satisfied with the changes be sure to click Save changes.
- From the developer hub scroll to or search for the name of the PAT that you would like to modify. Then, click the three-dot spillover to the far right side of that PAT.
- From here, click the option you need to use.
- Regenerating a token will cause a warning message to appear. Remember that any services currently using this token will need to be updated with the new token that is generated.
- Deleting a token will also cause a warning message to appear. Any services currently using this token to access data in Airtable will no longer be able to after you press Delete.
API key basic actions
Airtable API keys allow you to use Airtable's Web API to create, fetch, update, and delete records in the bases you have access to in Airtable. API keys follow the same permissions that an account has in Airtable.
- To find your API key, navigate to your account page. On your account overview page, under the <>API heading, there's a button that says Generate API key.
- Clicking this button will generate an API key for you.
Once you've generated a key, you have the option of regenerating your key or deleting your key. To regenerate your key, click the Regenerate API key option. This will bring up a warning that regenerating your key will break your API integrations. Click the blue Yes, regenerate key button to confirm your key regeneration.
To delete your key, click the Delete key option. This will bring up a warning that deleting your key will break your API integrations. Click the red Yes, delete key button to confirm your key deletion.
Creating a read-only API key
Currently, each Airtable account only has one API key. The steps below outline a method for generating a new API key with restricted permissions by creating a separate account. There are several third-party integrations that interact with Airtable via the API, and they will often ask for your API key as part of the integration process where this process might be helpful.
It's important to understand that your API key provides full access to these operations on all of the bases your account has access to, so your API key should only be shared with third-party services and applications that you trust.
Log out of your personal Airtable account and head to https://airtable.com/signup to create a new account, using a different email address than you normally use to log into Airtable.
Once you've created the new account and logged in, head to the account page and generate an API key. More detailed instructions can be found here. Make note of this API key and keep it handy.
While logged into your personal Airtable account again, add this new account as a read-only collaborator on the base that needs to be accessed with the integration you want to configure. In this case, it's best to add the read-only account as a base collaborator, rather than a workspace collaborator. If you add the account as a workspace collaborator, it will have access to all bases in a workspace (including bases that will be created in the future).
When prompted for "your Airtable API key" in setting up a new integration, use the API key that you generated for this new account, rather than the API key for your personal Airtable account. This way, the integration can only access bases that are explicitly shared with this new account, rather than all of the bases that you can access with your personal Airtable account.
Users connected to Enterprise accounts can use the Enterpise API to clear and/or regenerate API keys for a specified user.
Unlike legacy API keys, which have the same access as your Airtable account, you can limit and configure the access of your personal access tokens. You can do this by selecting the scopes (what endpoints the token can use) and access/resources (which bases and workspaces the token can access) when creating or updating a token.
Regardless of the scopes and access a user selects for their token, the token will only be able to perform actions that the user themselves is allowed to do. For example, to create a new field in a base via the API, the user must be a Creator collaborator in the base, plus the token must have the schema.bases:write scope and the base added as a resource.
For more information about how scopes and access work, see the Authentication developer reference. For more information about configuring your token's access, refer to the personal access tokens guide.