Changing token scope

aleksg · April 28, 2021, 7:37pm

I would like to change the scope for the tokens users are receiving when authorizing (REST API Client).
I have two questions:

Is there a way to invalidate ALL tokens for all users in one go, so they are forced to authorize again?
How can I check what scope (e.g. ‘write’) is the given token covering?

bentley · April 28, 2021, 7:58pm

You can not make a single API request to invalidate all tokens for a specific key. However, you can make a single DELETE call per a token to delete the token: https://developer.atlassian.com/cloud/trello/rest/api-group-tokens/#api-tokens-token-webhooks-idwebhook-delete

You can make a GET request to 1/tokens/{token} with each token and you’ll see a response like this that includes the scopes:

{
    "id": "22f1c54836089bdb264f837d",
    "identifier": "Example Token",
    "idMember": "5589c3ea49b40cedc28cf70e",
    "dateCreated": "2021-04-28T19:55:30.122Z",
    "dateExpires": "2021-04-28T20:55:30.122Z",
    "permissions": [
        {
            "idModel": "5589c3ea49b40cedc28cf70e",
            "modelType": "Member",
            "read": true,
            "write": true
        },
        {
            "idModel": "*",
            "modelType": "Board",
            "read": true,
            "write": true
        },
        {
            "idModel": "*",
            "modelType": "Organization",
            "read": true,
            "write": true
        }
    ]
}

aleksg · April 30, 2021, 10:01am

Thanks for the quick reply.

Does having permissions on modelType “Member” correspond to the “account” scope?

bentley · April 30, 2021, 1:12pm

Yes - sorry for not specifying that.