Authorization
Authorizing With Trello’s REST API
Introduction
Trello's API uses token-based authentication to allow third-party applications access to the Trello API. Once a Trello user has granted an application access to their Trello account and data, the application is given a token that can be used to make requests to the Trello API on behalf of the user.
There are two ways to authorize a client and receive a user token. The first is via our 1/authorize route, the second is via basic OAuth 1.0. We'll cover the former now. If you'd rather use OAuth, you can skip ahead to Using Basic OAuth.
Authorizing A Client
To begin the authentication process, you need an API key. As an API key is tied to a Power-Up, you can visit the https://trello.com/power-ups/admin page, access your Power-Up, navigate to the API Key tab and select the option Generate a new API Key if you haven't generated the API key yet.
Once you have an API key, you will use it to ask a Trello user to grant access to your application. To do so, you should direct a user to the authorize URL and pass along the query parameters needed as documented below. The authorize prompt can be opened in a number of different ways and with a number of different options.
When you kick off the authorization flow, the user will see the following screen:
The name of the application, length of access, and scope of permissions are all configurable via query params (documented below).
For instance, if you're just getting started with Trello's API and you'd like to explore what is possible, you can generate a token for yourself using your API key and the following URL: https://trello.com/1/authorize?expiration=1day&name=MyPersonalToken&scope=read&response_type=token&key={YourAPIKey}
After visiting this page and clicking the green Allow button, you'll be redirected to a page with your token. You can now use that token and your API key to make a request to the Trello API. You can give it a try with: https://api.trello.com/1/members/me/?key={yourAPIKey}&token={yourAPIToken}. This should return an object containing information about your Trello user.
Keep Trello Tokens Secret
Tokens for users should always be securely stored as they allow access to the user's entire account! It is fine for your API key to be publicly available, but a token should never be publicly available. If a token becomes public, it should be revoked immediately by the user.
If you're authorizing a web client, you may want to check out client.js, a wrapper for the API in JavaScript. It includes built-in authorization methods that you may find useful. However, it uses the same routes as are documented below.
| Parameter | Valid Values | Description |
| --- | --- | --- |
| return_url | string | A valid URL that the token should be returned to. If the token is being passed by fragment, this is where the user will be redirected after authorization. If the token is being passed by postMessage, this will be used as the origin for the postMessage. |
| callback_method | string: postMessage or fragment | Defines how the token is returned to you. Generally, postMessage is used if the authorization is done in a popup, and fragment if it is done by redirect. |
| scope | string | Comma-separated list of one or more of read, write, account. Read: reading of boards, organizations, etc. on behalf of the user. Write: writing of boards, organizations, etc. on behalf of the user. Account: read member email, writing of member info, and marking notifications read. |
| expiration | string: 1hour, 1day, 30days, never | When the token should expire. |
| name | string | Name of the application. Displayed during the authorization process. |
| key | string | Valid Trello API key. Used to generate the user's token. |
| response_type | string: token or fragment | The response_type of token will return the full user token. |
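Added example, not part of Trello's documentation or client.js: a JavaScript helper that builds the /1/authorize URL and rejects any value not listed in the table above. The name buildAuthorizeUrl, its option names, and the defaults of read scope and 1hour expiration are choices made for this example.

```javascript
// Added example; buildAuthorizeUrl and its option names are hypothetical.
// The allowed values are the ones listed in the parameter table above.
const SCOPES = ["read", "write", "account"];
const EXPIRATIONS = ["1hour", "1day", "30days", "never"];
const CALLBACK_METHODS = ["postMessage", "fragment"];

// Defaults request the narrowest scope and shortest lifetime (example's choice).
function buildAuthorizeUrl({ key, name, scope = ["read"], expiration = "1hour",
                             returnUrl, callbackMethod } = {}) {
  if (typeof key !== "string" || key === "") {
    throw new Error("key (Trello API key) is required");
  }
  // De-duplicate, then require every entry to be a documented scope.
  const scopes = [...new Set(scope)];
  if (scopes.length === 0 || !scopes.every((s) => SCOPES.includes(s))) {
    throw new Error(`scope must be one or more of ${SCOPES.join(", ")}`);
  }
  if (!EXPIRATIONS.includes(expiration)) {
    throw new Error(`expiration must be one of ${EXPIRATIONS.join(", ")}`);
  }
  const params = new URLSearchParams({
    expiration,
    scope: scopes.join(","),
    response_type: "token",
    key,
  });
  if (name !== undefined) params.set("name", String(name));
  if (callbackMethod !== undefined) {
    if (!CALLBACK_METHODS.includes(callbackMethod)) {
      throw new Error("callback_method must be postMessage or fragment");
    }
    params.set("callback_method", callbackMethod);
  }
  if (returnUrl !== undefined) {
    // new URL() throws on anything that is not an absolute URL.
    params.set("return_url", new URL(returnUrl).href);
  }
  return `https://trello.com/1/authorize?${params.toString()}`;
}
```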
Accessing User Emails
Member emails can only be accessed when the account scope is requested. Once granted, the token generated can only be used to access the email address of the user who granted access.
Bulk email access is only available to enterprises via the SCIM API.
Handling User Deny
Depending on the response_type you are using, Trello will do one of two things when a user clicks "Deny" from the authorization flow's prompt.
| response_type | Trello's Response |
| --- | --- |
| fragment | Trello will now add an empty token= query parameter and error= parameter with error message to the fragment when redirecting back to the return_url specified. |
| postMessage | Trello will postMessage an error key in the postMessage with the error message being the value. This will be sent to the return_url specified. |
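Added example, not part of Trello's documentation: a JavaScript function for the page served at return_url that tells a granted token apart from the deny case in the fragment row above (empty token= plus error=). The name parseAuthFragment, the status labels and the sample URLs used with it are constructed for this example.

```javascript
// Added example; parseAuthFragment is a hypothetical helper name.
// Classifies the URL the user lands on after Trello redirects to return_url
// with the token passed by fragment.
function parseAuthFragment(redirectedUrl) {
  const url = new URL(redirectedUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const tokens = fragment.getAll("token");
  const errors = fragment.getAll("error");

  // Drop the fragment so the token is not kept in the address bar, history
  // entries or anything that later records location.href.
  url.hash = "";
  const cleanedUrl = url.href;

  // Repeated parameters are ambiguous; refuse rather than pick one.
  if (tokens.length > 1 || errors.length > 1) {
    return { status: "malformed", cleanedUrl };
  }
  const token = tokens[0] || "";
  const error = errors[0] || "";

  // Deny case from the table: empty token= plus error=<message>. An error
  // alongside a non-empty token is also treated as a denial (fail closed).
  if (error !== "") {
    // The message is untrusted input: cap its length and render it as text.
    return { status: "denied", error: error.slice(0, 200), cleanedUrl };
  }
  if (token !== "") {
    return { status: "authorized", token, cleanedUrl };
  }
  return { status: "missing", cleanedUrl };
}

// In a browser: const result = parseAuthFragment(window.location.href);
// then history.replaceState(null, "", result.cleanedUrl) before other work.
```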
Revoking Tokens
Trello users can view metadata regarding the applications they have authorized and granted a token by visiting their account settings page: https://trello.com/{username}/account. There, under the Applications heading, they will see a list of every application they've granted access to, the scope of the access, the date access was approved, and the date that the token expires.
Users are able to revoke a token by clicking on the Revoke button next to the listing. Revoking the token removes the token's access to the user's account and it can no longer be used to make requests to Trello's API on behalf of the user.
Tokens can also be deleted via the API. There is a /1/tokens resource that includes a delete action.
Applications and Power-Ups should handle token revocation gracefully. If a token has been revoked, the API will respond with a 401 HTTP status and the message: invalid token. At that point, the Power-Up or integration should ask the user to re-authorize the application.
Allowed Origins
When your application is authenticating a user, you may pass a return_url that Trello will redirect to after the user gives consent for your application. By default an application key can redirect to any domain, but we strongly recommend that you specify the origins that your application will redirect to when completing authorization.
For example, if we were GitHub building a GitHub integration for Trello, and we knew we would only ever redirect back to https://github.com after the user grants access in the auth flow, or perhaps also http://localhost:3000 for local development, we could add both of those as allowed origins for our application, and no one would be able to use our API key to authenticate users and pass back the token to any other URL, like https://bad.example.com.
You can manage your API key's allowed origins via the https://trello.com/power-ups/admin page, then access your Power-Up and navigate to the API Key tab.
Note: If your API key has no allowed origins set, then no redirect URLs will work.
Application Icon
The Application Icon section includes an input field into which you can save the URL of the icon that you would like to use.
The icon you submit will be used to replace the placeholder icon found on the authorization flow. If no icon is provided, we'll continue to show the default icon.
The icon should be 64px by 64px and hosted on https://.
Note: This section only appears on your member-specific app key page located at https://trello.com/app-key. If you are configuring an app key that's tied to a Power-Up, there is no Application Icon section. The icon for this app key will be the Power-Up's icon instead.
Using Basic OAuth
The Trello API supports basic OAuth 1.0; you can use an OAuth library and the following URLs:
    https://trello.com/1/OAuthGetRequestToken
    https://trello.com/1/OAuthAuthorizeToken
    https://trello.com/1/OAuthGetAccessToken
You'll also need your application secret (used to sign your requests). That's listed in the API Key tab on your Power-Up management page https://trello.com/power-ups/admin.
Example OAuth Project In Node.js
We've put together an example project in Node that demonstrates the basic routes and configuration necessary to use OAuth to access Trello's API. You can view the Glitch project here.
Passing Token and Key In API Requests
Once you have an API key and a user's token, you can pass authorization information to Trello in one of three ways:
- Query parameters
- Authorization header
- PUT/POST body
Authorization via Query Parameters
The easiest and quickest way to pass authorization to Trello is via query parameters.
You can include a key= and token= query parameter in your request.
For instance, here is a simple request passing authorization via query parameters:
    curl "https://api.trello.com/1/members/me?key={{apiKey}}&token={{apiToken}}"
Authorization header
The Trello API will also accept authorization via an Authorization header with the format: OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".
For instance, here is the same request as above, but using an Authorization header:
    curl -H "Authorization: OAuth oauth_consumer_key=\"{{apiKey}}\", oauth_token=\"{{apiToken}}\"" https://api.trello.com/1/members/me
PUT/POST Body
If you are making a PUT or POST request to Trello's API, you may also include the key and token in the request's body:
    curl -X PUT \
      https://api.trello.com/1/cards/5e568d33e9b5e88bb99996d0/name \
      -H "Content-Type: application/json" \
      -d '{"key": "{{apiKey}}", "token": "{{apiToken}}", "value": "Finish Final Presentation" }'
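Added example, not part of Trello's documentation or client.js: a JavaScript request helper that sends the key and token in the Authorization header format shown above, so the token does not appear in the request URL, and handles the 401 "invalid token" response described under Revoking Tokens by discarding the stored token and signalling re-authorization. The names trelloAuthHeader, trelloGet, tokenStore and fetchImpl are hypothetical.

```javascript
// Added example; trelloAuthHeader, trelloGet, tokenStore and fetchImpl are
// hypothetical names, not part of Trello's API or client.js.

// Build the header value in the format given above. Quotes, backslashes and
// whitespace are rejected so a malformed credential cannot alter the header.
function trelloAuthHeader(apiKey, apiToken) {
  for (const value of [apiKey, apiToken]) {
    if (typeof value !== "string" || value === "" || /["\\\s]/.test(value)) {
      throw new Error("credential is empty or contains unexpected characters");
    }
  }
  return `OAuth oauth_consumer_key="${apiKey}", oauth_token="${apiToken}"`;
}

// GET a Trello resource with the token in the header rather than the URL.
// tokenStore is any Map-like object keyed by user id (assumption).
async function trelloGet(path, { userId, key, token }, tokenStore,
                         fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(`https://api.trello.com/1${path}`, {
    headers: { Authorization: trelloAuthHeader(key, token) },
  });
  if (response.status === 401) {
    const message = (await response.text()).trim();
    if (message === "invalid token") {
      // Revoked token: stop using it and ask the user to authorize again.
      tokenStore.delete(userId);
      return { ok: false, reauthorize: true };
    }
    return { ok: false, reauthorize: false, status: 401, message };
  }
  if (!response.ok) {
    return { ok: false, reauthorize: false, status: response.status };
  }
  return { ok: true, data: await response.json() };
}
```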