I want to be clear here because it is easy to get confused: there are two separate ways to get a token to access the API.
The first way is using OAuth 1.0. The Glitch Project uses OAuth 1.0. Our OAuth 1.0 implementation follows the OAuth 1.0 Specification. If you are not familiar with OAuth 1.0 and are not already using it for other applications, I wouldn’t recommend it as a starting point. I would recommend the option below.
The second way is using the
1/authorize/ route. By sending a user to this route with your API key, you are able to ask them to grant your application (identified by the API key) access to their account. For instance, here is the authorization grant using my API key: https://trello.com/1/authorize?expiration=1hour&scope=read&response_type=fragment&name=Bentley's%20Example%20Project&key=0471642aefef5fa1fa76530ce1ba4c85.
If you hit accept, you’ll be given a token which can be passed along with the API key in query parameters to the Trello API. Because your Trello user granted access my API access, you are accessing Trello’s API as that user. So if you take the key and token and add them to the following request:
you will see the data related to your Trello member. You can continue to pass in the key and token as query parameters to other API routes.
The end result of both of these options is that you will receive a token that can be used to access Trello’s API on behalf of a user.