New Beta: New API authentication methods, endpoints, and public API docs

SeanKeenan
Airtable Employee

Hi everyone,

For those I haven’t met, I’m Sean, an engineer on the Airtable API team.

Today our team is excited to announce the public beta (it’s public – so no need to sign up!) of several new API authentication features to make our API more secure for all our users. Bundled with them are the (long-requested!) metadata API, comments API, and webhook API.

And one more feature (my personal favorite): a new publicly accessible API docs site to learn about all of these in more exciting detail! Airtable Web API

  • API authentication: personal access tokens
  • API authentication: OAuth for Integrations
    • Register an integration to build using OAuth 2.0: https://airtable.com/create/oauth.
    • Users can authorize third-party integrations with OAuth for a secure setup and granular controls.
  • New API endpoints
    • As part of either of the authentication methods above, we have several new API endpoints and functionality, including the metadata API - please read our changelog for more info on these endpoints. Airtable Web API
  • Enterprise Admin features
    • Enterprise admins can create service accounts that can utilize both of the new API authentication methods and associated API endpoints described above. This feature will help ensure continuity for scripts and integrations.
    • Admins will also be able to restrict whether and which OAuth third-party integrations can be used in their enterprises.

Additionally, we plan to announce a deprecation timeline for user API keys when these more secure authentication methods (personal access tokens and OAuth integrations) graduate from public beta to general availability. Per our deprecation guidelines, there will be a notice period of at least 12 months (from the date of that future announcement) before the deprecation is enforced.

This public beta is just the beginning! We plan on continuing to add new features and update existing ones based on your feedback.

Learn more from our updated API docs and then try it for yourself — and, if you have any questions, don’t hesitate to ask here,

Sean, on behalf of the Airtable API Team

58 Comments
Will_Powelson
Airtable Employee

Hi Lean, I can confirm that myself and other users are able to create tokens without code_challenge_method.

While I can’t diagnose your problem without access to your client_id (not that I’m asking you to post it publicly) a few possibilities come to mind:

  1. It is possible you are running into a bug I am currently chasing down.
  2. The redirect_uri you’re providing does not exactly match the one used in the authorization request
  3. Your code_verifier may be incorrect
  4. You may have accidentally altered the code you received
  5. You are waiting 10 minutes or more after authorizing to make this request
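
A client-side pre-flight check for causes 2 to 5 in the list above, as an added example that is not part of the original reply and not Airtable's code. It assumes the S256 challenge method from RFC 7636; the function names, dict keys and sample values are constructed for illustration.

```python
import base64
import hashlib
import secrets

CODE_LIFETIME_SECONDS = 10 * 60  # the reply above gives 10 minutes as the limit


def make_verifier() -> str:
    # RFC 7636 allows 43-128 unreserved characters; 32 random bytes encode to 43.
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def diagnose(auth: dict, token_req: dict, now: float) -> list:
    """Compare what the client recorded at authorization time with what it
    is about to send to the token endpoint; return every mismatch found."""
    problems = []
    if token_req["redirect_uri"] != auth["redirect_uri"]:  # exact string match
        problems.append("redirect_uri differs from the authorization request")
    if s256_challenge(token_req["code_verifier"]) != auth["code_challenge"]:
        problems.append("code_verifier does not hash to the code_challenge sent")
    if token_req["code"] != auth["received_code"]:
        problems.append("code was altered after the redirect")
    if now - auth["authorized_at"] >= CODE_LIFETIME_SECONDS:
        problems.append("10 minutes or more elapsed since authorization")
    return problems


# Constructed sample: verifier/challenge pair is the RFC 7636 Appendix B vector.
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
AUTH = {
    "redirect_uri": "https://app.example/callback",
    "code_challenge": s256_challenge(VERIFIER),
    "received_code": "constructed-code-123",
    "authorized_at": 1000.0,
}
# Trailing slash on redirect_uri, and the request is made 11 minutes later.
TOKEN_REQ = {
    "redirect_uri": "https://app.example/callback/",
    "code_verifier": VERIFIER,
    "code": "constructed-code-123",
}

if __name__ == "__main__":
    for problem in diagnose(AUTH, TOKEN_REQ, now=1000.0 + 11 * 60):
        print("mismatch:", problem)
```
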
Andy_Cloke
8 - Airtable Astronomer

Hey,

Firstly, awesome work on all these changes, especially webhooks!

Some feedback on the OAuth consent screen: it’s very easy to miss the small ‘Add a base’ button. I feel like a lot of users will breeze past it and just click ‘Authorize’.

Screenshot 2022-11-19 at 10.27.47

In that case, does the access token get access to all their workspaces or none of them? I’m assuming it’s none, in which case I think that button needs to be much more prominent.

Here’s the Webflow OAuth consent screen as a comparison - it’s not perfect but the list of workspaces is much clearer.

Screenshot 2022-11-19 at 10.33.00

LeanZubrezki
5 - Automation Enthusiast

Thanks for confirming that it is not required, Will. I have sent you a private message with the client id to see if you can verify if the problem is related to the bug. I can confirm that 2, 4 and 5 are not the problem and will double check 3, but the same logic is working fine with other services so it is probably not either.

Artur_Mkrtchyan
4 - Data Explorer

Hi @Ruchika_Abbi1 thanks for your question… Old apps will continue working with api keys (no need to change in there… we will check if we can allow users to replace old keys with tokens) for the new Apps we will be using OAuth as it’s way better in many ways… We are now in evaluation step and will start implementing soon.

–Artur

Artur_Mkrtchyan
4 - Data Explorer

Agree with Andy, it’s very easy to miss, and if without it there is no access it should at least be required… or way bigger :slightly_smiling_face:

Ava_Li
4 - Data Explorer

Hi! A quick question about the new PAT tokens (RAS syndrome :frowning_face: ). Do they expire after a set time? If not, what are the conditions for them to stop working and require regeneration? Are there plans in the future to implement a set expiration date?

Also, slightly unrelated, do API keys expire?

VicPlummer
4 - Data Explorer

Congrats @SeanKeenan! So excited to see these developments!

Cameron_Rout
4 - Data Explorer

When the API key is deprecated will I lose access to all my third party integrations?
Third party apps like Airtable just ask for a Web API key and don’t accept the new tokens.

Will_Powelson
Airtable Employee

@LeanZubrezki

(I also sent you a DM with more info) After some investigation I believe the issue is actually that our example repo had insufficient error-handling and was making requests for a token after the /authorization request had been denied.

I’ve updated the example repo and will work to improve the error handling here from our servers.

@Andy_Cloke
Noted! There is an update coming soon that will require users to add at least one base or workspace when it is required for the integration to work.

kuovonne
18 - Pluto

We don’t know yet when API keys will be deprecated, but we will have a warning of at least a year. That should give you enough time to update your third party integrations with new connections.

Although some third party apps do not allow you to change an existing token, they usually allow creating a new connection with a new token, and you can switch the integration to the new connection.

If you are concerned that a specific 3rd party service does not allow switching connections, you can contact them and let them know that they should implement that feature. They will have at least a year to do so.