Skip to content

Airtable API Key

Service Name: Airtable

Service Description: Airtable is a cloud collaboration service that combines the features of a database with the visual interface of a spreadsheet. It's used for creating and sharing relational databases with team collaboration features.

Service Address: https://airtable.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be implemented at the Enterprise level through IP restrictions policy

Secret Access Scope: Grants programmatic access to Airtable bases, tables, and records. Depending on the permissions associated with the API key, it can allow reading, creating, updating, and deleting records.

Secret Revokement URL: https://airtable.com/account

Secret Example: keyABCDEFGHIJKLMNO

Suspicious Activity Investigation Instructions:

  • Review Airtable activity logs for unusual data access or modifications

  • Check for unexpected API calls or data exports

  • Monitor for unauthorized base access or record modifications

  • Verify if there are any new integrations or automations created

  • Look for unusual access patterns or times of access

Mitigation Instructions:

  • Log in to your Airtable account at https://airtable.com/

  • Navigate to Account > API in the top right corner

  • Locate the compromised API key

  • Click "Regenerate API key" to invalidate the old key

  • Update any legitimate applications or services with the new API key

  • Consider implementing Enterprise-level IP restrictions if available

  • Review and adjust base sharing permissions to limit access

  • Enable two-factor authentication for your Airtable account