Authentication for Personal Access Tokens not working?

Jump to Solution
7654 14
Showing results for 
Search instead for 
Did you mean: 
5 - Automation Enthusiast
5 - Automation Enthusiast

When I make an API call using a Personal Access Token I have set up, it returns Error 401 Authentication Required - but if I change out the PAT to use the API Key, it works just fine.

Am I not able to use PAT's whilst I have a API Key enabled?

1 Solution

Accepted Solutions
5 - Automation Enthusiast
5 - Automation Enthusiast

I'm so silly... the reason my PAT's were not working is because I was only using the Token ID - not the whole Token itself.

I went through the process of creating a new Token and immediately noticed my foolish error.

See Solution in Thread

14 Replies 14

Hey @keola

Did you confirm that the token that you've set up has been properly scoped for the operations that you're trying to do via the API?

Can you provide any additional details on what you're trying to do with the API? That will make it easier to confirm which scopes you need to add to your token.

That tends to be the primary culprit when I've been provisioning a new token for authenticating against the Web API.


5 - Automation Enthusiast
5 - Automation Enthusiast

Hey @Ben_Young1, yes - I have actually granted this PAT I am testing every scope. When I first create the tokens, I was getting the same error and I thought maybe I hadn't given enough scopes to the token, which is why I have now granted every scope to it.

Can you provide a code snippet of how you're passing your HTTP request to the Airtable Web API?
If scope isn't the issue, then my next suspect falls to a syntax issue with how you're handling the headers object.

5 - Automation Enthusiast
5 - Automation Enthusiast

I'm using the Authorization header with Bearer ###

Could you provide a (scrubbed) snippet of your actual request?
Also, any additional information on what you're actually trying to do or which API endpoint(s) you're trying to interact with would also be a great help here.

Specifically, a snippet like this:

curl "{myBaseId}/{myTableId}" \
-H "Authorization: Bearer {myToken}"

Or if you're making this request in JS, something like this:

const AIRTABLE_TOKEN = "yourToken";
const requestUrl = "";
const options = {
    method: "GET",
    headers: {
        authorization: `Bearer ${AIRTABLE_TOKEN}`

await fetch(`${requestUrl}${baseId}/${tableId}`, options)
    .then(request => request.json())
    .then(data => console.log(data));

Seeing how you're actually making the request is the key here.

5 - Automation Enthusiast
5 - Automation Enthusiast

I'm using Insomnia to test the call - the Body is set to No Body and the Auth is set to No Authentication (so I can pass it in the Header myself)


What are you using to make the API call? Are you using 100% your own code, or are you using a service? Some third party services could be set up to accept only API keys and not personal access tokens.

(This probably isn't the case, but I thought I'd throw the idea out there just in case.)

5 - Automation Enthusiast
5 - Automation Enthusiast

Hi @kuovonne; I'm using the program Insomnia to make the call at the moment, so no third party service.



Insomnia will handle the authentication headers for the request.
When I first started using Insomnia, I also ran into strange issues when I set my own authentication headers.