In Baserow (another online spreadsheet), it’s possible to create as many tokens as you need to access your bases/sheets/tables. Each token has specific access rights (create, read, update, delete) for each table, so that way you can put some API keys in your code without worrying about the more sensitive data getting exposed.
It would be great to see that kind of feature with Airtable.
As this is not posted under the product suggestions category, I’m going to offer some thoughts.
There are several issues here:
Having multiple API keys per user. Currently each user can have only one API key, so you must have multiple users in order to have multiple API keys. If the API key must be able to edit data, this means you must pay for the user associated with that API key in Plus and Pro workspaces.
In a pro workspace you can set field and table level permissions for creating records, editing fields, etc. It’s not as granular as many would like, but it is possible. The API key will have the same permissions as the user.
It is not possible to limit read rights. All users and their API keys always can read all the data in the base.
So, there are some workarounds for some situations. Some of those workarounds cost more money.
If there were some sort of 3rd-party or built-in API gateway, it would solve many of the issues. It would have the same access as me as the table admin, but it would allow me to make additional sub-tokens that restrict access within the gateway.
Most of the software options I’ve seen don’t appear to solve the problem (Autocode, NoCodeAPI), but perhaps there are others I’ve missed. Hoppscotch is helpful for testing but doesn’t serve as a gateway.