Error when requesting Trello access token response{code=400, message='Bad Request', body='null',

Trying to run the scribejava library from GitHub to run a simple get from Trello Rest API
I Included the KEY and KEY Secret Tokens then I requested the access Token.

I tried the following example in eclipse: scribejava/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/ / .

I used these jars:

I only modified these lines with codes I grabbed from the Trello website.
private static final String API_KEY = “your_api_key”;
private static final String API_SECRET = “your_api_secret”;
This data was used successfully in POSTMAN to fetch the “me” data from Trello via Rest.

I see that my POST to get an access token we returned with a {code=400, message=‘Bad Request’} response.
The following code is from the the latest version of scribejava api. (scribejava-8.1.0)

Here is the code involved in the error:
(Code from
final OAuthRequest request = prepareAccessTokenRequest(requestToken, oauthVerifier);
try (Response response = execute(request)) {
return api.getAccessTokenExtractor().extract(response);

(Values from Debug)
requestToken = com.github.scribejava.core.model.OAuth1RequestToken@a*******
oauthVerifier =******************

(Code from
return api.getAccessTokenExtractor().extract(response);

Values from Debug)
request= @request(POST

response{code=400, message=‘Bad Request’, body=‘null’,
headers={null=HTTP/1.1 400 Bad Request,
X-Permitted-Cross-Domain-Policies=none, Referrer-Policy=strict-origin-when-cross-origin,
X-Frame-Options=DENY, Strict-Transport-Security=max-age=63072000;
preload, Access-Control-Expose-Headers=x-rate-limit-api-key-interval-ms,
x-rate-limit-api-key-max, x-rate-limit-api-key-remaining,
x-rate-limit-api-token-max, x-rate-limit-api-token-remaining,
X-Trello-Environment=Production, X-Trello-Version=1.2333.0,
Surrogate-Control=no-store, Content-Length=15,

This leads me to believe that you’re using a Trello Token instead of the App Secret. An App Secret can not be used to make an API request by itself.

The App Secret that you need for OAuth can be found at the bottom of

I used the API_SECRET token from the bottom of the page.
Please advise.

And you were able to make a request to /1/members/me and get back data with it?

Yes, but when I used postman I was able to manually add the Access Token that I copied from the website. Without it it won’t work in Postman either. The issue I have in java/eclipse is posting the credentials and trying to receive an Access Token programmatically. I am using the trello sample code in the scribeJava library on GitHub.
Trading the Request Token for an Access Token…
final OAuth1AccessToken accessToken = service.getAccessToken(requestToken, oauthVerifier);
The requestToken and oauthVerifier objects seem well formed with data.

I am now getting an error when posting a auth token to trello inorder to access the resource.***********************************

Invalid return_url

Please advise

That sounds like it is related to your API key’s allowed origins:

Make sure that the URL you’re redirecting to is added to your API keys allowed origins. You can update the list of allowed origins at:

I am currently working off a laptop. The only origin I could try was http://:80
This yielded the same error.
Please advise.

What is the route you are using on your local machine to test this out? That is the value that should probably be added to your allowed origins list.

Yes, I am running a java program from eclipse. I returns the authorization link that I put into a browser or console.

I have tried (with and without the port 80) as an origin.

Still get Invalid return_url

Anything else I can try?


I am on a laptop using eclipse. I tried the incoming VPN ip address and logged out of VPN and used the native ip address of my laptop. Both attempts failed. I also tries using port 80 an 443. Our network guy wanted to know if anything from your side can be blocking. Please advise.