Baserow database tokens provide secure, permission-controlled API access without exposing your account credentials to external applications.
Database tokens are permanent API keys that let you securely connect external applications to your Baserow data. Create tokens to authenticate API requests for reading, writing, updating, and deleting data without sharing your login credentials.
Database tokens are permanent authentication keys that grant programmatic access to your Baserow data through the REST API. Unlike temporary session tokens, database tokens don’t expire and can be used continuously by external applications, scripts, or integrations.
These tokens act as digital keys, allowing authorized systems to perform specific operations on your databases while maintaining security through granular permission controls. You can create multiple tokens with different access levels for different use cases.
Baserow offers two authentication methods for API access:
Token type | Duration | Use case | Permissions | Operations |
---|---|---|---|---|
Database token | Permanent | External applications, automation tools, long-running scripts | Configurable per workspace and table | Create, read, update, delete rows; limited to data operations |
JWT token | Temporary (7 mins) | Short-term operations, development testing | Full account access | All API endpoints including database/table management |
Enterprise license: Only workspace-level admins and builders can create database tokens, ensuring proper access control for sensitive operations.
Access token settings
Create new token
Generate and secure your token
It is recommended to create separate tokens for different applications or environments. Document where each token is used for easier management.
If your token is accidentally exposed:
Click Rename to update the token’s display name without affecting its functionality.
Database tokens use role-based permissions that determine what operations are allowed:
Permission | Description | API Operations |
---|---|---|
Create | Add new rows (includes read access) | POST to /api/database/rows/table/{table_id}/ |
Read | View existing data | GET from rows and table endpoints |
Update | Modify existing rows (includes read access) | PATCH to row endpoints |
Delete | Remove rows | DELETE from row endpoints |
No access: Token cannot interact with table
Only grant necessary permissions, review token permissions periodically, and use different tokens for development/production.
Authorization: Token YOUR_DATABASE_TOKEN_HERE
curl -H "Authorization: Token abc123def456" \
-H "Content-Type: application/json" \
https://api.baserow.io/api/database/1/tables/2/rows/
Applications using the deleted token will immediately lose access and receive authentication errors. Update applications with a new token before deleting the old one.
Currently, Baserow doesn’t provide detailed audit logs for token usage. Consider implementing logging in your applications that use the tokens.
Test your token with a simple API call to verify permissions work as expected. The API will return permission errors for unauthorized operations.
These are the same thing - “database tokens” and “personal API tokens” refer to the same permanent authentication method in Baserow.
No, each database token is scoped to a single workspace. Create separate tokens for accessing different workspaces.
Authorization
headerAuthorization: Token YOUR_TOKEN
Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions; we’re ready to assist you.
Contact support for questions about Baserow or help with your account