Application Tokens

Advanced programmers have the ability to create web pages and other systems that interact with QuickBase. This fancy coding is possible through the QuickBase HTTP API. If you plan to make API calls to your application, you'll want to use application tokens.

A token is an extra string of characters you insert within an API call. That string must match one of the application tokens assigned to the application your API call targets. You control whether or not your application requires tokens.


How tokens work. This image shows what happens when an API call with a token targets different applications.
The token string in your API call must match a token assigned to the application, or the call won't work.
If the application does not require tokens, the call executes.

FAQs -
Why should I use application tokens?

Application Tokens are an added layer of security to protect your application. Tokens make it all but impossible for an unauthorized person to create API calls to your application. QuickBase recommends that you require application tokens for all your applications. If you later decide you don't want to use tokens and your application does not contain sensitive data, you can disable tokens for that application. If you do so, API calls will work, even if they specify an application token. But QuickBase recommends using tokens wherever possible.

When should I disable application tokens?

If you want to use exact forms, disable application tokens. If you're having trouble incorporating a QuickBase add-on or wizard that uses tokens, you can disable tokens. Likewise, if your application features formula URL fields that include API calls, you can save yourself the trouble of updating those calls with tokens by disabling tokens in your application. But disabling tokens is a workaround solution and means that you'll lose the additional level of security that tokens supply.

Note: At this time, tokens are an optional security enhancement, but eventually all QuickBase applications will require tokens.

Generating a token is a one or two-step process, depending upon whether the token exists already:

Create and assign an application token

You can create a token and assign it to an application at the same time. When you do so, the token will be available for assignment to other applications too.

To create and assign an application token:

  1. Open the application.

  2. In the menu bar on any application page, select Customize > Application.

  3. On the Properties tab, click Advanced Settings to expand the section.

  4. In the Application Tokens section, click the Manage Application Token link. The Manage Application Tokens page displays.

  5. Click the Create New Application Token link.

  6. Type in a description to remind you what the token does.

  7. If you want QuickBase to copy this token when you copy the application, turn on the OK to Copy checkbox.

  8. Click OK.

    The new token appears in the list of application tokens. API calls containing this token, can now interact with the application. The new token is available for assignment to other applications.

Where can I view all the tokens I've created?
Your User Profile shows all the tokens you've created. To access your profile, go to the upper right of any application page and click your name. Within the menu that displays, select Edit User Profile.
                                      
On the left side of the page, click the Manage Application Tokens link. The screen that appears shows every token you've created. If you want, you can create a new token on this screen. To do so, go to the lower right of the list and click the Get New Token button.

Assign an existing token to an application

If the token you want to assign already exists, assign it to the application with which you want API calls to work.

To assign a token to an existing application:

  1. Open the application.

  2. In the menu bar on any application page, select Customize > Application.

  3. On the Properties tab, click Advanced Settings to expand the section.

  4. In the Application Tokens section, click the Manage Application Token link. The Manage Application Tokens page displays.

  5. Click the Assign Existing Application Token link.

  6. Paste or type in the application token.

  7. Type in a description to remind you what the token does.

  8. If you want QuickBase to copy this token when you copy the application, turn on the OK to Copy checkbox.

  9. Click OK. API calls containing this token can now interact with the application.

Sample URL featuring an API call with token

Insert the token as you'd insert any parameter in a URL string:

&apptoken=token

Replace token with the actual token itself, as in this example:

https://www.quickbase.com/db/bdz6zm7uy?a=api_clonedatabase&newdbname=MyTestApp&newdbdesc=Testing&keepData=1&apptoken=bghbnjfu7s9amn7akduwomaytzy
Further details on crafting API calls are available in the QuickBase HTTP API documentation.

Related Topics

 

This page refers to an older version of QuickBase. Online help is now located at http://www.quickbase.com/user-assistance/default.html.

 

Return to top   

© 1999-2013 Intuit Inc. All rights reserved. Legal Notices.