As of 1st of February 2024, Airtable have now deprecated API keys in favour of the more secure Personal Access Token or OAuth integrations.

You may have built custom apps or generated Airtable export URLs with CSV Getter using Airtable API keys. Such applications and export links will no longer be working following the Airtable API key deprecation. This article will explain how to replace API key functionality by generating a personal access token or creating an Airtable export process with an OAuth integration.

Why an Airtable API Key deprecation and what are Personal Access Tokens?

Personal Access Tokens offer a security benefit because they can be restricted in scope, unlike Airtable API keys which offered the user unlimited access to all scopes and all bases. For example, you can generate a Personal Access Token with only read scopes. This means the token holder can only view Airtable records and not create, replace, update or delete them.

Creating an Airtable Personal Access Token to replace API Key

In Airtable, head over to the drop down menu in the top right of the screen and click Developer hub.

Under the Personal Access Tokens pane, click Create New Token.

You will be prompted to name your Personal Access token and select the scopes. The below animation is an example of creating how a read-only token. This can be useful for exporting Airtable to excel or Google sheets with an application like CSV Getter.

There are other scopes available too. For example, if you need to create or update records with your automation, you can include the data.records:write scope.

Once you have chosen your settings you can create your Airtable personal access token. The token will appear on screen for Copy and paste and should be stored somewhere safe.

If you are using the personal access token with CSV Getter, you can update the saved key at any time by accessing the account settings page and pressing Set Personal Access Token.

If you are using your Airtable Personal Access Token in replacement of a deprecated Airtable API key in an API request, be sure to replace the API key in the authentication header. For example before where you had "Bearer [deprecated api key]" you should have "Bearer [new personal access token]".

Note: If you have not set the correct scopes for your personal access token, some requests will generate an Airtable API error. For example, if you have set the scopes to read-only and are doing a create record request you will receive an error like the following.

See here to learn how to avoid setting the wrong scopes.

Using the Airtable OAuth Integration

Alternatively, you can export data from Airtable using CSV Getter's Airtable OAuth integration. This can also be done from the account settings page and pressing Connect Airtable.