Help

Save the date! Join us on October 16 for our Product Ops launch event. Register here.

New API capabilities now in GA and upcoming API keys deprecation period

cancel
Showing results for 
Search instead for 
Did you mean: 
Fred_Zhao
Airtable Employee
Airtable Employee

Hiya everybody,

For those I haven’t met, I’m Fred, an Engineering Manager here at Airtable.

Today our team is announcing the General Availability of many new API features to make our API Authentication more secure and reliable, as well as open up new API capabilities. These include:

Additional upcoming changes to the API experience

With that, we are now announcing the beginning of the deprecation period for API Keys in favor of the two new API Authentication methods: Personal Access Tokens for individual use and OAuth for Integrations. Both new methods have more granular control of resources and scopes, and enable both developers and end-users to extend Airtable while ensuring the highest grade of security.

As this is a major change to the Airtable API, the API Key deprecation period will last for 12 months and end on Feb 1, 2024, after which API Keys will no longer be able to access the Airtable API. Related to this, webhooks created by API Keys in enterprise bases will also expire at the end of that period. We recommend all users to migrate to Personal Access Tokens for individual use and OAuth for third-party integrations moving forward.

Why are we doing this?

Personal Access Tokens and OAuth provide a higher standard for security over API Keys, which were the predecessor that provided “all-or-nothing” access over everything that an Airtable user account could see or do. These new methods have more granular control of resources and scopes, and allow you to extend Airtable while ensuring the highest grade of security.

Who is affected by this deprecation?

Anyone using API Keys will be affected by this change. This could be you as an end-user, or some other end-user for whom you have built an existing integration upon the Airtable API.

What do I need to do?

We understand this is a big change, so we’ll be sharing more details in the coming weeks to make this transition as smooth as possible: intermediate deprecation milestones, and more actionable details. The support article on API Keys will also be updated over time, so feel free to bookmark it.

While there are no immediate actions you need to take right now as we enter this deprecation period, remember that time flies! So we recommend all users begin migrating away from API Keys.

As always, you can learn more about our APIs from our developer docs. If you have any questions, don’t hesitate to ask here.

Fred, on behalf of the Airtable Team

13 Comments
Ram_Navan
4 - Data Explorer
4 - Data Explorer

update:

actually, I figured it out. I was using json stringify instead of qs stringify. also, my dummy code verifier does not satisfy the length rule.  thanks

 

@Fred - Could you please help troubleshooting an issue I'm facing with oAUTH integration? When posting to endpoint /oauth2/v1/token, I'm getting this error

 

{"error":"invalid_request","error_description":"Missing \"grant_type\" parameter."}

 

here is my code. I'm using fetch api. I'm clearly passing in grant_type parameter

 

const accessTokens = await fetch(
    `${process.env.AIRTABLE_URL}/oauth2/v1/token`,
    {
      method: "POST",
      headers: {
        Authorization: authorizationHeader,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: JSON.stringify({
        client_id: process.env.AIRTABLE_OAUTH_CLIENT_ID!,
        code_verifier: "testtest",
        redirect_uri: process.env.AIRTABLE_REDIRECT_URI,
        code,
        grant_type: "authorization_code",
      }),
    }
  );

 

Appreciate your help

 

 

Olpy_Acaflo
9 - Sun
9 - Sun

Thank you so much @LeanZubrezki 
Sorry for distancing myself a bit from CODA but it's temporary: I was just in a hurry for my main job (Colorist, Education) to create some phoneApps and in the emergency, I have chosen GLIDE (just rediscovered thanks to this thread) which does this job very well in two-way sync with Airtable + some wonderful htmlCSS-embed with a little help from MAKE to process the webhook, its URL, the airtable record ID and finally deliver the payload where it should be displayed in Glide.
But I will come back to CODA sooner or later using your package for desktop usecases.
See you soon,
olπ

valeriia
4 - Data Explorer
4 - Data Explorer

Please keep the keys. I use API tokens in scripts that have no way to do OAuth

Or maybe I just don't understand how to use the new authentication method. My python script is executed with cron on a remote machine (via github actions), it pulls data from airtable, processes it and marks the processed rows as "done". It's not a web app, so there's no way to do callbacks.