rosszurowski/micro-airtable-api

Allow read-only APIs

Closed this issue · 3 comments

By default, with the API key users get full write access. This is fine if you want a read-write API, but if you're looking to use Airtable as a CMS/DB, you'll likely want something read-only.

Hey Ross, any plans to keep working on this? It would be very useful in my current project.

Hi! Thanks for pinging about this.

I ended up using Are.na's API for my original use for this project, so it got dropped for a bit. I'm also not actively using this project anywhere right now, so I can't promise it'll work perfectly. (Added a note about this in the README).

That said, I still think there's some cool opportunities here: Airtable's structure and UI make it seem like a solid lightweight CMS.

I just pushed some commits adding support for a READ_ONLY flag. You can use it like so:

now rosszurowski/micro-airtable-api \
  -e AIRTABLE_BASE_ID=asdf123 \
  -e AIRTABLE_API_KEY=xyz123 \
  -e READ_ONLY=true

You can also restrict specific actions with the more fine-grained ALLOWED_METHODS flag. (READ_ONLY is a shortcut for this lower-level option). So to allow creating and reading but not updating or deleting, you could pass:

now rosszurowski/micro-airtable-api -e ALLOWED_METHODS=GET,POST

Hopefully these new options support your use-case. I'm also open to reviewing PRs or supporting a fork if you want to take what's here and run with it.

Perfect, thank you!