For a long time, Airtable has supported access to their API via a single API Key per account.  The API Key gives full access to all the user's tables and bases.

The downside of this approach, of course, is security and key management.  Some apps may just need read access, but there was no way to generate a read-only key previously.  Also, if multiple apps are using the same API Key, revoking/renewing the key will affect all of them.

Airtable has recently added support for Personal Access Tokens, which is much more flexible.  This allows you to create multiple tokens with different permission scopes, and you can also specify which bases the token has access to.  This is a big improvement when it comes to security and key management.

EZ Exporter already supports Personal Access Tokens.  We recommend creating a separate Personal Access Token specifically for use with EZ Exporter.  This way, if you no longer need the app, you can just revoke/delete it without affecting any other app or service.

The only permission scopes needed by EZ Exporter are the following:

• data.records:read
• data.records:write

We have a detailed guide here with screenshots on how to create a Personal Access Token.

Airtable will be deprecating the use of the old API Key method by the end of January 2024, so there's still plenty of time to switch.  You can still use the API Key with EZ Exporter, but we recommend switching to Personal Access Tokens as soon as possible as it offers better security.