In Quick Base, user tokens are used to secure your apps. Application tokens are generally used together with the API_Authenticate call, with additional authentication information supplied either as a username/password or as a ticket. User tokens, by contrast, are a form of authentication tied to a specific user that can grant access to any API call, eliminating the separate authentication step and providing the benefits listed below.

Benefits of user tokens

  • Eliminates the need for application tokens.
  • Greater convenience, because user tokens are pre-generated, and don’t require a call to API_Authenticate.
  • SAML/LDAP customers can use Quick Base APIs without creating a robot user or Gmail user. With user tokens, now SAML users can create a token and call APIs with their own permissions.
  • If you’re a Quick Base Solution Provider, you can add user tokens to your scripts that won’t expire, so you won’t have to find and fix authentication errors.
  • Enhanced security:
    • The scope of action is limited to just the apps you’ve assigned the user token to.
    • You can easily unassign a token from an app.
    • The user token can’t be used to authenticate to the user interface (e.g., in URLs).
    • You can see when a user token was last used.
    • You can deactivate a token temporarily to debug a call or even quickly delete the user token if you suspect your app’s security has been compromised.

Sample XML request for any Quick Base API call.

<qdbapi>
  <udata>mydata</udata>
  <usertoken>user_token</usertoken>
</qdbapi>

There is no need to pass <ticket> and <apptoken> in the XML request. If you use a user token as your authentication method, Quick Base doesn’t even check for the application token.

Although user tokens provide enhanced security, you should treat them with the same care as usernames and passwords, especially if you are calling APIs from a browser, because someone could extract the token from the JavaScript source and use it to impersonate the user the token belongs to.
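
One way to act on that warning, shown as an added example (not Quick Base's or the author's code): build the <qdbapi> body on the server so the token never ships in browser JavaScript, mask it in logs, and scan client-side source for embedded tokens before deploying. The environment variable name QB_USER_TOKEN and all function names are assumptions made for this sketch.

```javascript
// Added example. Assumption: the token is supplied to the server process through
// an environment variable named QB_USER_TOKEN (hypothetical name).
const XML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

function escapeXml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => XML_ESCAPES[ch]);
}

// Build the <qdbapi> body shown above. Caller-supplied fields originate in the
// browser, so values are escaped and no field may set an authentication element.
function buildQdbapiRequest(fields, userToken = process.env.QB_USER_TOKEN) {
  if (!userToken) throw new Error('user token not configured on the server');
  const blocked = new Set(['usertoken', 'ticket', 'apptoken']);
  const parts = [];
  for (const [name, value] of Object.entries(fields)) {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) throw new Error(`invalid element name: ${name}`);
    if (blocked.has(name.toLowerCase())) throw new Error(`client may not set <${name}>`);
    parts.push(`  <${name}>${escapeXml(value)}</${name}>`);
  }
  parts.push(`  <usertoken>${escapeXml(userToken)}</usertoken>`);
  return `<qdbapi>\n${parts.join('\n')}\n</qdbapi>`;
}

// Mask the token before a request body is written to logs or error reports.
function redactUserToken(xml) {
  return xml.replace(/(<usertoken>)[^<]*(<\/usertoken>)/gi, '$1[REDACTED]$2');
}

// Pre-deploy check: return the line numbers in browser-shipped source that
// contain a <usertoken> element with a non-empty literal value.
function findEmbeddedTokens(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (/<usertoken>\s*[^<\s][^<]*<\/usertoken>/i.test(line)) hits.push(i + 1);
  });
  return hits;
}
```
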

 
