Welcome to the Airtable Community! If you're new here, check out our Getting Started area to get the most out of your community experience.

Controlling or Logging API Access plus

Topic Labels: API
905 2
Showing results for 
Search instead for 
Did you mean: 

I couldn’t find this in the documentation or answered on this forum.

I was recently brought in to get a handle on our organization’s technology. They use Airtable extensively and have a few zapier automation.

Recently a high-level employee was released from the company causing a security audit (by myself).

Which accounts (what level) can generate an API key?

Is there a way for admin accounts to view and control API access for accounts that are not their own? ie: I want to see all accounts that have generated an API and/or be able to delete and view any automation occurring across all bases in a workspace.

Thank you for any assistance.

Matthew Moran

2 Replies 2

Hey Matthew! Welcome to the forum.

I can’t speak for Airtable, but I think this question probably needs to get the attention of someone inside (like @EvanHahn who will probably see this).

As for the API in general, keys are granted by user account only (as far as I know) and this is why I advise clients to create specific accounts for API use even though it costs a little more for the non-human user accounts.

For every API process I create, I also log all activity, typically to ElasticSearch or a security log specified by the client. I do this because I have no knowledge of any logging services maintained by Airtable.

Thanks @Bill.French. That is my concern. I currently have an account for all API access. The problem is, if any user can create it, it becomes a challenge - both from a security point of view and in centralizing and maintaining automations.

Thanks for tagging an internal resource. I submitted a support request as well.