Should Airtable be used for an API provided to 3rd party developers?

Hi!

Thanks in advance to the community for your help with this!

I’m considering using Airtable to create an API for 3rd party app developers to pull information and was wondering the community’s thought on whether this is a good idea or not. I’m not an expert on the Airtable API (or APIs in general) so was hoping to get some perspectives from those of you who are wiser than me. I’m also interested in hiring someone on a consultative basis to help me with this project if they are particularly knowledgable.

I’ve read about examples where Airtable is used as an “internal” API, where the front end developers working pulling from the Airtable API work for the same organization as the people maintaining the Airtable database, in which case presumably data security is less of an issue.

I’m aware that there is a 5 request / second limitation on the API (although it’s unclear whether this is per API key + IP address combination or per API key + Base ID + IP address combination). I’m also aware that it’s possible to create a Read Only API key by creating an API key for a Read Only user.

Some of the specific concerns I have are:

  1. To what extent can I limit a 3rd party developers access? Presumably, I would be able to limit them to a specific Base by only providing them with the Base ID for the base I want them to see. Can I limit them to only see a specific table somehow? How about a specific view within a specific table?

  2. To what extent would a 3rd party developer with this Read Only API key be able to access all of the data in the view I’ve given them access to? Would they be able to somehow access all of the data in that view or would it work like an API is supposed to and they would just receive the data returned to them?

  3. To what extent would a 3rd party developer with this Read Only API key be able to access the formulas in the view I’ve given them access to?

Any help would be greatly appreciated.

Thanks so much!