From 33766eb2c68170d728f4b793939ec1efe29cfefa Mon Sep 17 00:00:00 2001 From: Collin Schwantes Date: Mon, 12 Dec 2022 15:24:23 -0600 Subject: [PATCH 1/3] updated chapter with links to scoped token. Made corresponding changes in airtaber --- airtable.Rmd | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/airtable.Rmd b/airtable.Rmd index e309802..c3921d0 100644 --- a/airtable.Rmd +++ b/airtable.Rmd @@ -151,7 +151,7 @@ Feel free to reach out to the data librarian for questions about base design. Airtable has five main routes for automating processes. 1) [Automations](https://support.airtable.com/hc/en-us/articles/360050974153-Automations-overview) - a drag and drop visual programming tool -2) [Applications](https://support.airtable.com/hc/en-us/articles/115013403608-Airtable-apps-overview) - pre-built applications that perform some task +2) [Extensions](https://support.airtable.com/docs/airtable-extensions-overview) - pre-built applications that perform some task 3) [Scripting](https://support.airtable.com/hc/en-us/articles/360043041074-Scripting-app-overview) - use JavaScript to automate tasks within Airtable 4) [Blocks](https://www.airtable.com/developers/apps/guides/getting-started) - use JavaScript to create custom applications 5) [REST API](https://airtable.com/api) - use whatever programming language you like to automate processes 
@@ -203,6 +203,18 @@ Blocks are custom applications built in JavaScript and node.js that add to base All Airtable bases are automatically accessible to authorized users via a REST API. The list of API accessible bases you have access to can be found here: https://airtable.com/api. By clicking on a base you will be able to see the full API documentation for that base. + +### Scoped Tokens + +Airtable is moving to a [scoped tokens](https://airtable.com/developers/web/guides/personal-access-tokens) based approach to api access. Scoped personal access tokens allow you to create a token for a specific base with specific permissions - e.g. token has read-only access to a bat sampling base. Using scoped tokens in this way means that if the token is compromised (leaked, stolen, accidentally committed unencrypted to a github repo, etc), you can delete that token to remove any access it might have had and the limited scope means that you know exactly what a person would have been able to access. + +To create a personal access token go here: https://airtable.com/create/tokens + +** Remember to save the token in a secure place. + +Airtable has also deployed [oauth tokens](https://airtable.com/developers/web/api/oauth-reference) for all users. + + ### Airtable and R The Airtable REST API can be used via R with the [airtabler package](https://github.com/ecohealthalliance/airtabler). EHA has started a fork of the package that has additional functionality so it is recommended to use that version. The original package design works well for exploring the data. Our extension adds additional functionality to help use `airtabler` in automation via continuous integration such as GitHub Actions. 
@@ -213,7 +225,7 @@ devtools::install_github("ecohealthalliance/airtabler") The Airtable API serves up data as JSON, which has a hierarchical structure similar to a list in R. To handle JSON, `airtabler` uses the `jsonlite` package. Its helpful to understand how `jsonlite` handles different JSON structures when working with more complicated Airtable data. See the `jsonlite` [quick-start guide](https://cran.r-project.org/web/packages/jsonlite/vignettes/json-aaquickstart.html) for a basic overview. The [`purr` package](https://purrr.tidyverse.org/) is extremely helpful when dealing with data objects derived from JSON because it facilitates navigating nested data structures. -The `airtabler` package provides instructions for setting up access to the Airtable API. You will need to following those instructions for the following examples to work. +The `airtabler` package provides instructions for setting up access to the Airtable API. You will need to follow those instructions for the following examples to work. **One to One join** From 35b35c70245b172f254924dd4c81712b35f756a0 Mon Sep 17 00:00:00 2001 From: Collin Schwantes Date: Mon, 12 Dec 2022 15:27:07 -0600 Subject: [PATCH 2/3] added warning about storing unecrypted tokens on github --- airtable.Rmd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/airtable.Rmd b/airtable.Rmd index c3921d0..719e3e3 100644 --- a/airtable.Rmd +++ b/airtable.Rmd @@ -210,7 +210,7 @@ Airtable is moving to a [scoped tokens](https://airtable.com/developers/web/guid To create a personal access token go here: https://airtable.com/create/tokens -** Remember to save the token in a secure place. +** Remember to save the token in a secure place. Do not store unencrypted tokens on the web (e.g. pushing them to github). Airtable has also deployed [oauth tokens](https://airtable.com/developers/web/api/oauth-reference) for all users. From 9fb12f29a14775f0d18c6c28b6437c19cb594009 Mon Sep 17 00:00:00 2001 
From: Collin Schwantes Date: Mon, 12 Dec 2022 16:02:08 -0600 Subject: [PATCH 3/3] added information about share links and interfaces --- airtable.Rmd | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/airtable.Rmd b/airtable.Rmd index 719e3e3..0941550 100644 --- a/airtable.Rmd +++ b/airtable.Rmd 
@@ -88,7 +88,15 @@ Airtable provides database (referred to as "base") and workspace administrators - **Reader**: Sees full base Direct access to a base or workspace is granted or removed by base owners and creators to Airtable users. Base owners and creators can control who has access to a base and can control any “share” links created for that base. They may also restrict editing of tables or fields within a base. Any collaborator given direct access to a base at any permission level will be able to duplicate that base and share that data further. It is important that direct access to the base is limited to individuals with a need to curate or analyze the data. -To further restrict access to a base, users can be given indirect access via revocable share links. These can be customized to prevent users from seeing the full base, prevent duplicating the base, and prevent copying data from the base. The ability to use the link can be password protected, restricted to people with certain email domains, and may be revoked at any time. If there are concerns about data leaks via base or table duplication, inviting people with a need to view the data via share links constrains their ability to extract data from the base. + +### Share Links and Interfaces + +To further restrict access to a base, users can be given indirect access via revocable share links or interfaces. + +[Share links](https://support.airtable.com/docs/creating-a-base-share-link-or-a-view-share-link) can be customized to prevent users from seeing the full base, prevent duplicating the base, and prevent copying data from the base. The ability to use the link can be password protected, restricted to people with certain email domains, and may be revoked at any time. If there are concerns about data leaks via base or table duplication, inviting people with a need to view the data via share links constrains their ability to extract data from the base. 
+ +[Interfaces](https://support.airtable.com/docs/interface-designer-overview) are dynamic dashboards built on a limited set of data in an airtable base. Users can explore or even edit data based on the permissions provided by the interface creator. Access can be further tuned by setting up a "current-user filter". See [this guide](https://support.airtable.com/docs/interface-designer-permissions) for more information. + ## Data in Airtable
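Review bot: In PATCH 1/3, hunk @@ -151,7 +151,7 @@, only item 2 moves to the new support.airtable.com/docs URL; items 1 and 3 of the same list still link to the older support.airtable.com/hc/en-us/articles pages, and the item 3 link still ends in "Scripting-app-overview" although item 2 was renamed from Applications to Extensions. Check those two links and update them in this change so the list uses one naming and URL scheme.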
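Review bot: In PATCH 1/3, hunk @@ -203,6 +203,18 @@, the added line `** Remember to save the token in a secure place.` opens bold markup that is never closed and has a space after the asterisks, so it will render as literal asterisks; write it as `**Remember to save the token in a secure place.**`. PATCH 2/3 rewrites this line and keeps the same marker, so fix it there as well. In the same hunk, "api", "github" and "oauth" should be "API", "GitHub" and "OAuth", and "a secure place" would be more useful with a pointer to where the token is expected to live, for example the setup instructions of the `airtabler` package that the next section refers to.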
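Review bot: In PATCH 1/3, hunk @@ -213,7 +225,7 @@, the unchanged paragraph just above the corrected sentence still has two typos: "Its helpful" should be "It's helpful", and the link text `purr` should be `purrr` to match its target purrr.tidyverse.org. Fix both alongside the "following" to "follow" correction.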
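Review bot: In PATCH 2/3, hunk @@ -210,7 +210,7 @@, the added warning "Do not store unencrypted tokens on the web (e.g. pushing them to github)" is vaguer than the Scoped Tokens paragraph above it, which names the actual failure as a token "accidentally committed unencrypted to a github repo". Say directly that tokens must not be committed to a repository, and add the recovery step that paragraph already gives: delete the token if it has been exposed. The line also still starts with an unclosed `**`.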
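Review bot: In PATCH 3/3, hunk @@ -88,7 +88,15 @@, the new lead sentence "revocable share links or interfaces" leaves it unclear whether "revocable" also applies to interfaces, and the Interfaces paragraph does not say how interface access is removed or whether interface users can duplicate the base or copy data, which is the risk the preceding paragraph raises for direct collaborators. State both points for interfaces the way the Share links paragraph does, and capitalise "airtable" in "an airtable base".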