How to get a new API-Token?

Hi Guys and Girls

When i generate a Key & Token: https://trello.com/app-key
I get the same Token every time.

  1. Must I delete the one I use right now to get a new one? Am I correct, that I can generate it once and use it without refreshing the token?

  2. Can I restrict access/authorization of the token? Right now it is authorized to ALL Boards of the organisation.

Thanks for your answers :slight_smile:

I’m guessing you’re asking for a token that never expires: expires=never? So long as your query parameters don’t change (scope, name, expiration is never), you will always get back the same token. This token can be deleted via a DELETE API request to /1/tokens/ or by revoking it manually in your user settings https://trello.com/my/account.

We use the parameters in the signature to generate the token and since they aren’t changing, you’re getting back the same token. If you were to change the name or scope parameters, you’d get back a different token.

For expiration values other than never, you will not get back the same token each time. Each token generated effectively stores an expires at value with it. And since your scope is some set time, the expires at value is going to be different every time and result in a different token being generated.

If you want multiple tokens for the same user that never expire, you could change the name parameter. And yes, with a token that never expires you do not have to refresh the token.

No, we don’t currently support scopes related to Trello objects. The only scopes we support are related to whether the token can read and/or write data, and whether the token has access to your Trello’s account information.

Hi bcook

Okay thats helpful to know that a token can read/write or only read. In my case it must only read.
Now, when i create a token here (As I did) https://trello.com/app-key
I can’t change set it to read only, or set an application name right?

So this leads me to think I must send a get request, something like:
https://trello.com/1/authorize?key=substitutewithyourapplicationkey&name=My+Application&expiration=never&response_type=token&scope=read

(Got this from here http://www.trello.org/help.html, maybe outdated?)

But when I send a request like this and set an Application name (don’t exist yet), the response is “App not found”.

To clarify: I use Trello as a CMS for our new website. I must only read the boards, and I don’t need a PowerUp (I think this is what “App” refers to?).

So, since I can’t change the token, and not change its Access rights to read at https://trello.com/my/account, how Im gonna get a new token with read access and never expires?

Ah sorry, I should have started by linking to the authorization documentation! https://developer.atlassian.com/cloud/trello/guides/rest-api/authorization/

The /app-key page is using the /1/authorize route and pre-filling parameters for you. You are free to change the route parameters (as documented on that page) to your liking.

That leads me to believe that the API key wasn’t correct.

Here are two routes with names I’ve just made up and using my own API key:

https://trello.com/1/authorize?expiration=1hour&scope=read&response_type=token&name=App%20One&key=0471642aefef5fa1fa76530ce1ba4c85

https://trello.com/1/authorize?expiration=1hour&scope=read&response_type=token&name=App%20One&key=0471642aefef5fa1fa76530ce1ba4c85

You should be able to get what you want by inserting your API key into the following:

https://trello.com/1/authorize?expiration=never&scope=read&response_type=token&name=CMS%20Integration&key=

Alright that worked lovely! Thanks Bcook!