Service accounts overview
  • 04 Mar 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Service accounts overview

  • Dark
    Light
  • PDF

Article Summary

Plan availability

Enterprise Scale accounts only

Permissions

Admin permissions are needed to use service accounts as described in the article below

Platform(s)

Web/Browser

Related reading

Service accounts in the Admin Panel

  • Service accounts are non-user accounts created by admins that can access Airtable's APIs

  • Enterprise Scale admins can create these service accounts, add them to bases and workspaces, and use them to connect to external services and integrations. Service accounts do not have a logged-in experience and are not billed accounts.

  • Enterprise Scale admins can manage service accounts from the Admin Panel—granting them access to workspaces and bases. 

  • Service accounts are designed to set up API integrations—using a personal access token or by authorizing an OAuth integration—independent of any specific user at your organization, enabling the integration to continue working even if a user departs your organization.

Note

Service accounts can’t log into the UI, are not billed as users, and can be managed and deleted by admins.

Creating & deleting service accounts

From the User's section of the Admin Panel, admins can create, delete, edit, and grant admin access to individual service accounts. All service account profiles feature the user's name, last date used, created at date/time, and created by field.

To create a service account:

  1. Visit your Admin Panel and select Users from the side menu.

  2. Select the Service accounts tab. 

  3. Click Create service account

  4. Assign your service account a name and email address.

After creating an account, it is always available under the Service accounts section of the User's panel.

To delete a service account:

  1. Visit your Admin Panel and select Users from the side menu.

  2. Select the Service accounts tab. 

  3. Select the name of the service account you want to delete.

  4. Click to the right of the Created field. 

  5.  Select Delete service account and click Delete

Deleting in bulk is also supported via the checkboxes to the left of the service accounts.

Service account details

The Admin Panel's service accounts tab allows you to view new or previously created service accounts. And by selecting an individual account, you can review that account's unique information and permissions. 

Workspaces & bases overview 

Within the service account details page, the Workspaces and Bases tabs allow admins to:

  • View which workspaces and bases individual service accounts can access.

  • Give or revoke a service account's access to specific workspaces and bases.

Creating & managing personal access tokens

To create personal access tokens:

  1. Visit your Admin Panel and select Users from the side menu. 

  2. Select the Service accounts tab.

  3. Select the name of the account you want to view. 

  4. Click Personal access tokens

  5. Click Create personal access token and name the token. 

  6. Grant the personal access token base-specific permissions and resources.

To manage personal access tokens:

  1. Navigate to the Service accounts details page (see above).

  2. Click to the right of the Date created field. 

  3. Choose between Edit token, Regenerate token, or Delete token

Managing integrations

Service accounts can be used when authorizing new OAuth integrations. Admins must choose between authorizing integrations under their Airtable user account or as service accounts for their organization.

Once an integration has been authorized as a service account you can manage the integration via Admin Panel:

  1. Visit your Admin Panel and select Users from the side menu.

  2. Select the Service accounts tab.

  3. Select the name of the account you want to view.

  4. Click Third-party integrations.

  5. Click to the right of the Date created field for the integration you wish to manage. 

  6. Click Edit permissions to choose between:

    1. Revoking access for the integration entirely.

    2. Or changing the resources the integration can access.

Downloading service accounts CSVs

Service account CSVs include:

  • User IDs

  • User first names 

  • User emails 

  • Account types 

  • Activity time stamps

  • Date and time joined (UTC)

To download a service account CSV:

  1. Visit your Admin Panel and select Users from the side menu. 

  2. Click CSV next to the Create service account button.

FAQs

Why is an email required for a service account?

Emails allow service accounts to be invited to bases and workspaces through a unique identifier, allowing critical emails to be delivered to the address associated with the account.

We recommend setting up a mailing list or using an existing email followed by a plus (+). Many email providers route pluses to the same email address (for example, example+serviceAccount@example.com will, on many email providers, route messages to example@example.com).  

Is there a limit to how many service accounts I can create?

Yes, service accounts are limited to 30 per Enterprise Scale plan by default. If you want to raise the default limit, get in touch with support or your account team.

Can admins log into the Airtable user interface with a service account?

No, while service accounts are associated with unique emails, admins can't log into the Airtable UI. As a result, we do not require that the email is validated. However, we require that all associated emails exist on your organization's domain (i.e., an @yourOrganization.com email address).

Can a service account from my organization generate personal access tokens with access to bases or workspaces outside the organization's Enterprise Scale account?

Yes, and if you’d like to limit this, please reach out to your Airtable Account team.

Can a service account from a different organization use personal access tokens to access my organization’s bases or workspaces?

Yes, but these can be restricted by the Enterprise API access control described in the personal access token documentation. In addition, because the account is external, you cannot see the individual personal access tokens created on the account.

Where can I find service accounts owned by different organizations that have access to my resources?

Service accounts owned by a different organization — with access to your organizations' workspaces or bases — are listed under the Users tab in Admin Panel. They are tagged as service accounts but are managed the same as any other external user.


Was this article helpful?