Ah, I see!
The good news is that all of Airtable’s API calls are done through an Airtable user account, so you can setup a user account that is restricted to only the certain privileges that you want that user to have — such as creating records in a table, deleting records in a table, editing certain fields in a table, or adding new values to single-select and multi-select fields.
But the bad news is that Airtable doesn’t offer any permissions to limit record viewing or field viewing. Once the user has API access to a table, they can see ALL the fields and ALL the records.
One potential workaround for this might be to sync a limited number of records & fields using Airtable’s sync feature to a destination sync table in another base, and then give the user access to just that destination base. But the problem is that destination sync tables can never be edited through the API, so it would always be read-only access.
However, if you’re only doing GET calls, then that would be all you need, and that could be a good solution for you.
Beyond that, I’m not familiar with any 3rd-party apps that let you easily build your own API on top of Airtable’s API, but my guess is that if you know how to write programming code, that you could probably develop your own API. Here’s an interesting article that I found on the Postman website: https://blog.postman.com/how-to-build-an-api/
Hope this helps! If you’d like to hire an expert Airtable consultant to help you with anything Airtable-related, please feel free to contact me through my website: Airtable consultant — ScottWorld