Skip to content

Airtable Personal Access Token

Service Name: Airtable

Service Description: Airtable is a cloud collaboration service that combines the features of a database with the visual interface of a spreadsheet. It allows users to create and share relational databases with team collaboration features.

Service Address: https://airtable.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be set at the organization level for Enterprise plans, but not at the individual token level.

Secret Access Scope: Grants programmatic access to Airtable bases and workspaces according to the permissions of the user who created the token. Can be used to read, create, update, and delete records.

Secret Revokement URL: https://airtable.com/account

Secret Example: patXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review Airtable account activity logs for unusual access patterns or operations

  • Check for unexpected changes to bases, tables, or records

  • Monitor for unauthorized API calls from unfamiliar IP addresses or locations

  • Verify if there are any new integrations or automations that were not authorized

  • Examine the scope and permissions granted to the compromised token

Mitigation Instructions:

  • Log in to your Airtable account at https://airtable.com/account

  • Navigate to the "Personal access tokens" section

  • Locate the compromised token in the list

  • Click the "Revoke" button next to the token

  • Create a new token with appropriate permissions if needed

  • Review and update any applications or services that were using the revoked token

  • Consider implementing IP restrictions at the organization level if on an Enterprise plan

  • Enable two-factor authentication for your Airtable account if not already enabled