API

The Tabidoo API is a simple way to integrate your app with Tabidoo. If you're a developer or familiar with APIs, you should be able to build a complete integration within minutes.

The Tabidoo API is a simple way to integrate your app with Tabidoo. If you're a developer or familiar with APIs, you should be able to build a complete integration within minutes.

Where to find the API section in Tabidoo?

You can generate the API token in the user settings of your account.

Token Overview

1. Standard JWT Token

Usage: General API access for managing data, structure, users, etc.

Generated in: User Settings > API section

Access Level: Full access equivalent to the user's permissions

Security Note: Treat this token as your password—keep it secret and secure.

2. API Token with Assigned Role

Usage: Integration scenarios where controlled access is required

Management: Created by administrators and assigned a role with specific permissions

Best Practice: Use this token for automated tasks or integrations to limit risk exposure

3. Short API Token

Usage: Uploading files or images (e.g., attachments, avatars, public forms)

Lifespan: Short-term, lower privileges

Source: Generated per task, used in isolated upload actions

4. Public Form Tokens

Usage: Publicly accessible forms for external data collection

Behavior: Embedded in the public form URL; no login required

Security Consideration: Ensure form data is validated and usage restricted by design

5. Workflow Execution Tokens

Usage: Triggering workflow actions (e.g., via HTTP requests or external services)

Typical Scenario: Automated triggers from external systems


How to Use Tokens in API Calls

All API calls must include an Authorization header in the following format:

Authorization: Bearer <your-token>

Example:

curl -X GET https://api.tabidoo.cloud/api/v2/table/data \
  -H "Authorization: Bearer eyJhbGciOi..."

Make sure to use HTTPS for all API interactions.


Token Usage in Workflow Automation

Tabidoo workflows can use tokens to fetch or submit data from/to external sources. Here’s where tokens often apply:

Load External Data: When importing from APIs, FTP, or shared drives, tokens authenticate access.

Trigger Workflow via API: A token is required to securely trigger execution of workflows externally.

Access Control: Tokens can dictate what level of access a workflow automation has.


Best Practices for Token Security

Use API tokens with limited roles for external integrations.

Store tokens securely (e.g., in environment variables).

Rotate tokens periodically.

Revoke tokens when no longer needed or if compromised.

Avoid exposing tokens in frontend code or public repositories.


Example Use Cases

Use CaseRecommended Token
Public form submissionStandard API Token
Integration with external systems (Zapier, Make.com)API Token with Role
Upload images or attachmentsShort API Token
Internal admin scriptingStandard JWT Token
Trigger workflows from external webhookStandard API Token

Note: Improper token usage can lead to unauthorized access or data leaks. Follow the principle of least privilege and review permissions regularly.


For more information, visit Full API documentation.