Application Tokens

This topic refers to functionality that is not available to accounts on the QuickBase Essential plan. If the functionality described here does not match what you're seeing in QuickBase, your account is probably on this plan.

Advanced programmers have the ability to create web pages and other systems that interact with QuickBase. This fancy coding is possible through the QuickBase HTTP API. If you plan to make API calls to your application, you'll want to use application tokens.

A token is an extra string of characters you insert within an API call. That string must match one of the application tokens assigned to the application your API call targets. You control whether or not your application requires tokens.

How tokens work. This image shows what happens when an API call with a token targets different applications. The token string in your API call must match a token assigned to the application, or the call won't work. If the application does not require tokens, the call executes.


Why should I use application tokens?

Application tokens are an added layer of security to protect your application. Tokens make it all but impossible for an unauthorized person to create API calls to your application. QuickBase recommends that you require application tokens for all your applications. If you later decide you don't want to use tokens and your application does not contain sensitive data, you can disable tokens for that application. If you do so, API calls will work, even if they specify an application token. But QuickBase recommends using tokens wherever possible.

When should I disable application tokens?

If you want to use exact forms, disable application tokens. If you're having trouble incorporating a QuickBase add-on or wizard that uses tokens, you can disable tokens. Likewise, if your application features formula URL fields that include API calls, you can save yourself the trouble of updating those calls with tokens by disabling tokens in your application. But disabling tokens is a workaround solution and means that you'll lose the additional level of security that tokens supply.

Generating a token is a one or two-step process, depending upon whether the token exists already:

Access the Manage Application Tokens page

From the Manage Application Tokens page, you can view application tokens for this app, create new tokens, and assign existing tokens to this app.

To access the Manage Application Tokens page, or view application tokens:
  1. In the App bar, select the application you want, click SETTINGS, then click App properties.

  2. Click Advanced settings to expand the section, if needed.

  3. Under Application Tokens, click the Manage Application Token link.

Create and assign an application token

You can create a token and assign it to an application at the same time. When you do so, the token will be available for assignment to other applications too.

To create a new application token:
  1. Access the Manage Application Tokens page.

  2. Click Create New Application Token.

  3. Type in a description to remind you what the token does.

  4. If you want QuickBase to copy this token when you copy the application, turn on the Ok to Copy checkbox.

  5. Click OK.

    The new token appears in the list of application tokens. API calls containing this token can now interact with the application. The new token is available for assignment to other applications.

Assign an existing token to an application

If the token you want to assign already exists, assign it to the app with which you want API calls to work.

To assign an existing token to the current app:
  1. Access the Manage Application Tokens page.

  1. Click Assign Existing Application Token.

  2. Paste or type in the application token.

    Alternatively, you can choose an existing token: click Choose Existing Token, and choose a token from the dropdown.

  3. Type in a description to remind you what the token does.

  4. Select the OK to Copy checkbox to copy this token when you copy the application.

  5. Click OK. API calls containing this token can now interact with the application.

Sample URL featuring an API call with token

Insert the token as you'd insert any parameter in a URL string:


Replace token with the actual token itself, as in this example:

Further details on crafting API calls are available in the QuickBase HTTP API documentation.

Related Topics:


Return to top   

© 1999-2016  QuickBase, Inc.  All rights reserved.  Legal Notices.