By default an application key can redirect to any domain, but we strongly recommend that you specify the origins that your application will redirect to when completing authorization.įor example, if we were GitHub building a GitHub integration for Trello, and we know we will only ever redirect back to after the user grants access in the auth flow, or perhaps also for local development, we could add both of those as allowed origins for our application, and no one will be able to use our API key to authenticate users and pass back the token to any other URLs, like. When your application is authenticating a user, you may provide a return_url that Trello will redirect to after the user gives consent for your application. At that point in time, the Power-Up or integration should ask the user to re-authorize the application. If a token has been revoked, the API will respond with a 401 HTTP status and the message: invalid token. There is a /1/tokens resource that includes a DELETE action.Īpplications and Power-Ups should handle token revocation gracefully. Revoking the token removes the token's access to the user's account and it can no longer be used to make requests to Trello's API on behalf of the user. Users are able to revoke a token by clicking on the Revoke button next to the listing. There, under the Applications heading, they will see a list of every application they've granted access to, the scope of the access, the date access was approved, and the date that the token expires. You can now use that token and your API key to make a request to the Trello API. The name of the application, length of access, and scope of permissions are all configurable via query params (documented below).įor instance, if you're just getting started with Trello's API and you'd like to explore what is possible, you can generate a token for yourself using your API key and the following URL:Īfter visiting this page and clicking the green Allow button, you'll be redirected to a page with your token. When you kick off the authorization flow, the user will see the following screen: The authorize prompt can be opened in a number of different ways and with a number of different options. To do so, you should direct a user to the authorize URL and pass along the query parameters needed as documented below. Once you have an API key, you will use it to ask a Trello user to grant access to your application. To begin the authentication process, you need an API key.Īs an API key is tied to a Power-Up, you can visit the page, access your Power-Up, navigate to the API Key tab and select the option Generate a new API Key if you haven't generated the API key yet. If you'd rather use OAuth, you can skip ahead to Using Basic Via our 1/authorize route, the second is via basic OAuth1.0. There are two ways to authorize a client and receive a User Token. Once a Trello user has granted an application access to their Trello account and data, the application is given a token that can be used to make requests to the Trello API on behalf of the user. Trello's API uses token-based authentication to grant third-party applications access to the Trello API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |