Baserow database tokens: Secure API authentication

Baserow database tokens provide secure, permission-controlled API access without exposing your account credentials to external applications.

Database tokens are permanent API keys that let you securely connect external applications to your Baserow data. Create tokens to authenticate API requests for reading, writing, updating, and deleting data without sharing your login credentials.

What are database tokens?

Database tokens are permanent authentication keys that grant programmatic access to your Baserow data through the REST API. Unlike temporary session tokens, database tokens don’t expire and can be used continuously by external applications, scripts, or integrations.

These tokens act as digital keys, allowing authorized systems to perform specific operations on your databases while maintaining security through granular permission controls. You can create multiple tokens with different access levels for different use cases.

Token types in Baserow

Baserow offers two authentication methods for API access:

Token type Duration Use case Permissions Operations
Database token Permanent External applications, automation tools, long-running scripts Configurable per workspace and table Create, read, update, delete rows; limited to data operations
JWT token Temporary (7 mins) Short-term operations, development testing Full account access All API endpoints including database/table management

Enterprise license: Only workspace-level admins and builders can create database tokens, ensuring proper access control for sensitive operations.

How to create a database token

  1. Access token settings

    • Click on your workspace in the top left corner
    • Navigate to Settings
    • Select the Database tokens tab
  2. Create new token

    • Click Create token +
    • Use a descriptive name that indicates the token’s purpose (e.g., “Zapier Integration” or “Mobile App Access”)
    • Select the target workspace
  3. Generate and secure your token

    • Click Create token
    • Copy the generated token immediately
    • Store it securely

Create a Baserow database token

Managing database tokens

It is recommended to create separate tokens for different applications or environments. Document where each token is used for easier management.

Copy an existing token

  1. Find your token in the Database tokens list
  2. Click the ellipsis (•••) menu beside the token
  3. Click the copy icon to copy the token ID

Regenerate a compromised token

If your token is accidentally exposed:

  1. Click Generate new token on the existing token
  2. Update all applications using the old token
  3. The old token becomes invalid immediately

Delete unused tokens

  1. Click the ellipsis menu beside the token
  2. Select Delete to permanently remove access
  3. Ensure no applications are still using the token

Rename tokens

Click Rename to update the token’s display name without affecting its functionality.

Regenerate database token

Database token permissions

Database tokens use role-based permissions that determine what operations are allowed:

Permission Description API Operations
Create Add new rows (includes read access) POST to /api/database/rows/table/{table_id}/
Read View existing data GET from rows and table endpoints
Update Modify existing rows (includes read access) PATCH to row endpoints
Delete Remove rows DELETE from row endpoints

No access: Token cannot interact with table

Only grant necessary permissions, review token permissions periodically, and use different tokens for development/production.

Setting workspace-level permissions

  • All tables checked: Token works on every table in the workspace
  • Specific tables: Limit access to selected tables only
  • Operation toggles: Enable/disable create, read, update, delete per workspace

Using tokens with the API

Authentication header format

Authorization: Token YOUR_DATABASE_TOKEN_HERE

Example API request

curl -H "Authorization: Token abc123def456" \
     -H "Content-Type: application/json" \
     https://api.baserow.io/api/database/1/tables/2/rows/

Common integration patterns

  • Zapier/Make: Use token in connection settings
  • Custom scripts: Include in HTTP headers
  • Mobile apps: Store securely, never hardcode

Frequently asked questions

What happens if I delete a token that’s in use?

Applications using the deleted token will immediately lose access and receive authentication errors. Update applications with a new token before deleting the old one.

Can I see what operations a token has performed?

Currently, Baserow doesn’t provide detailed audit logs for token usage. Consider implementing logging in your applications that use the tokens.

How do I know if my token permissions are correct?

Test your token with a simple API call to verify permissions work as expected. The API will return permission errors for unauthorized operations.

What’s the difference between database tokens and personal API tokens?

These are the same thing - “database tokens” and “personal API tokens” refer to the same permanent authentication method in Baserow.

Can I use one token for multiple workspaces?

No, each database token is scoped to a single workspace. Create separate tokens for accessing different workspaces.

Troubleshooting common issues

Authentication errors

  • Verify token is included in the Authorization header
  • Check token hasn’t been deleted or regenerated
  • Ensure proper header format: Authorization: Token YOUR_TOKEN

Permission denied errors

  • Review token permissions for the target table
  • Confirm workspace access is enabled
  • Check if you’re trying operations beyond token scope

Token not working after creation

  • Copy the token immediately after creation
  • Tokens cannot be viewed again once the creation dialog closes
  • Regenerate if you suspect the token was copied incorrectly

Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions; we’re ready to assist you.