A former colleague of mine created a power-up for Trello. We no longer need it, so we’re deleting it, but there are also some API keys and tokens we want to ensure are deleted.
So, in the “API keys” section of the power-up admin portal, there was an API key and a secret API key. I deleted the power-up, and the secret key seems to be deleted too.
Then there was the token, which I am able to obtain through this link:
There, I can authorize the power-up and get the token.
The problem is that I’m not completely sure if the API key and the token have been completely removed. Even if the power-up has been deleted, I still can access the link, authorize the power-up, and get the key.
In my account settings, I can revoke the API key, but when I authorize the power-up, the API key appears in my account settings again (under the Applications section).
I’ve tried also to delete the token via curl with the “DELETE a token” here:
But I was getting an “Invalid key” response, even if the key appears in my account settings. So it seems that everything is deleted, but it’s weird that I can re-authorize the deleted power-up, making the key to appear again in my account.
So I just want to ensure that keys and tokens are disabled, or if there is anything else I’m missing.