Sep 06, 2022 05:57 PM
I would like to have visitors to my website signup for mailing list , and submit email address direct to my Airtable from HTML web form.
I can successfully do all that now, BUT the same API token can be used to READ the entire table…
How can my API token be used to submit data from web, but not allowed to read whole table?
Sep 06, 2022 06:22 PM
Welcome to the Airtable community! Airtable API tokens currently do not have this level of permission granularity.
You can look into using an Airtable form for users to submit their email addresses. Forms create new records without allowing any access to the base.
Sep 06, 2022 10:19 PM
Thank you. Is it possible for me to POST directly to an Airtable Form endpoint ?
Or do I have to use the Airtable Form ?
Sep 07, 2022 04:19 AM
No. You can POST to a table, but that would require an API key that also has read capability.
Jan 04, 2023 11:37 AM
it would be very useful to have write only tokens, as we often need to insert new records, e.g. from input forms, but dont want to provide these endpoints with read capabilities to retrieve the data of all other entries