Help

Tool to add granular permissions on top of Airtable API

Solved
Jump to Solution
1997 3
cancel
Showing results for 
Search instead for 
Did you mean: 
Ricardo
7 - App Architect
7 - App Architect

Hi, I'm a little lost with where to start looking for a simple tool that allows me to create a permission-based API on top of my Airtable data.

I'm looking to enable an external collaborator to request the availability of a certain set of products. For that I would like to limit the user to

1. Read only access
2. A set of records via a view or filter
3. A set of fields

This is a small scale experiment and I would prefer a quick to setup and free solution.

I have looked at nocodeapi.com, which looks great but it doesn't appear to support the permissions I'm looking for.

Thank you! 

1 Solution

Accepted Solutions
ScottWorld
18 - Pluto
18 - Pluto

Ah, I see!

The good news is that all of Airtable’s API calls are done through an Airtable user account, so you can setup a user account that is restricted to only the certain privileges that you want that user to have — such as creating records in a table, deleting records in a table, editing certain fields in a table, or adding new values to single-select and multi-select fields.

But the bad news is that Airtable doesn’t offer any permissions to limit record viewing or field viewing. Once the user has API access to a table, they can see ALL the fields and ALL the records.

One potential workaround for this might be to sync a limited number of records & fields using Airtable’s sync feature to a destination sync table in another base, and then give the user access to just that destination base. But the problem is that destination sync tables can never be edited through the API, so it would always be read-only access.

However, if you’re only doing GET calls, then that would be all you need, and that could be a good solution for you.

Beyond that, I’m not familiar with any 3rd-party apps that let you easily build your own API on top of Airtable’s API, but my guess is that if you know how to write programming code, that you could probably develop your own API. Here’s an interesting article that I found on the Postman website: https://blog.postman.com/how-to-build-an-api/

Hope this helps! If you’d like to hire an expert Airtable consultant to help you with anything Airtable-related, please feel free to contact me through my website: Airtable consultant — ScottWorld

See Solution in Thread

3 Replies 3
ScottWorld
18 - Pluto
18 - Pluto

You could do all of that for free with Airtable’s interfaces. It would be free if you keep the user as read-only access, and if they need to edit/submit something, they could do it through an Airtable form or through Fillout, both of which are free.

Otherwise, you’d have to look at external tools which are pricey, such as Noloco, Softr,, JetAdmin, or Glide. I give a brief tutorial of Noloco on this episode of the BuiltOnAir podcast. And I also presented a full one-hour webinar on Noloco called Building a Client Portal on Noloco powered by Airtable.

Thanks for your detailed feedback @ScottWorld. I’m afraid I wasn’t specific enough, I’m looking for a way to do so through an API call. The idea is for the external partner to make a get call to retrieve availability as part of an automated workflow, but only for a certain set of permissions (records, rights).

 
 
ScottWorld
18 - Pluto
18 - Pluto

Ah, I see!

The good news is that all of Airtable’s API calls are done through an Airtable user account, so you can setup a user account that is restricted to only the certain privileges that you want that user to have — such as creating records in a table, deleting records in a table, editing certain fields in a table, or adding new values to single-select and multi-select fields.

But the bad news is that Airtable doesn’t offer any permissions to limit record viewing or field viewing. Once the user has API access to a table, they can see ALL the fields and ALL the records.

One potential workaround for this might be to sync a limited number of records & fields using Airtable’s sync feature to a destination sync table in another base, and then give the user access to just that destination base. But the problem is that destination sync tables can never be edited through the API, so it would always be read-only access.

However, if you’re only doing GET calls, then that would be all you need, and that could be a good solution for you.

Beyond that, I’m not familiar with any 3rd-party apps that let you easily build your own API on top of Airtable’s API, but my guess is that if you know how to write programming code, that you could probably develop your own API. Here’s an interesting article that I found on the Postman website: https://blog.postman.com/how-to-build-an-api/

Hope this helps! If you’d like to hire an expert Airtable consultant to help you with anything Airtable-related, please feel free to contact me through my website: Airtable consultant — ScottWorld