Re: Authentication for Personal Access Tokens not working?

keola · ‎Mar 21, 2023

When I make an API call using a Personal Access Token I have set up, it returns Error 401 Authentication Required - but if I change out the PAT to use the API Key, it works just fine.

Am I not able to use PAT's whilst I have a API Key enabled?

keola · ‎Mar 30, 2023

I'm so silly... the reason my PAT's were not working is because I was only using the Token ID - not the whole Token itself.

I went through the process of creating a new Token and immediately noticed my foolish error.

See Solution in Thread

Ben_Young1 · ‎Mar 21, 2023

Hey @keola!

Did you confirm that the token that you've set up has been properly scoped for the operations that you're trying to do via the API?

Can you provide any additional details on what you're trying to do with the API? That will make it easier to confirm which scopes you need to add to your token.

That tends to be the primary culprit when I've been provisioning a new token for authenticating against the Web API.

keola · ‎Mar 21, 2023

Hey @Ben_Young1, yes - I have actually granted this PAT I am testing every scope. When I first create the tokens, I was getting the same error and I thought maybe I hadn't given enough scopes to the token, which is why I have now granted every scope to it.

Ben_Young1 · ‎Mar 21, 2023

Can you provide a code snippet of how you're passing your HTTP request to the Airtable Web API?
If scope isn't the issue, then my next suspect falls to a syntax issue with how you're handling the headers object.

keola · ‎Mar 21, 2023

I'm using the Authorization header with Bearer ###

Ben_Young1 · ‎Mar 21, 2023

Could you provide a (scrubbed) snippet of your actual request?
Also, any additional information on what you're actually trying to do or which API endpoint(s) you're trying to interact with would also be a great help here.

Specifically, a snippet like this:

curl "https://api.airtable.com/v0/{myBaseId}/{myTableId}" \
-H "Authorization: Bearer {myToken}"

Or if you're making this request in JS, something like this:

const AIRTABLE_TOKEN = "yourToken";
const requestUrl = "https://api.airtable.com/v0/";
const options = {
    method: "GET",
    headers: {
        authorization: `Bearer ${AIRTABLE_TOKEN}`
    }
};

await fetch(`${requestUrl}${baseId}/${tableId}`, options)
    .then(request => request.json())
    .then(data => console.log(data));

Seeing how you're actually making the request is the key here.

keola · ‎Mar 21, 2023

I'm using Insomnia to test the call - the Body is set to No Body and the Auth is set to No Authentication (so I can pass it in the Header myself)

kuovonne · ‎Mar 21, 2023

What are you using to make the API call? Are you using 100% your own code, or are you using a service? Some third party services could be set up to accept only API keys and not personal access tokens.

(This probably isn't the case, but I thought I'd throw the idea out there just in case.)

keola · ‎Mar 21, 2023

Hi @kuovonne; I'm using the program Insomnia to make the call at the moment, so no third party service.

Ben_Young1 · ‎Mar 21, 2023

Insomnia will handle the authentication headers for the request.
When I first started using Insomnia, I also ran into strange issues when I set my own authentication headers.