Trello API: error getting actions for a member of an organization

aimeefurber · August 25, 2022, 11:25pm

We’re getting errors listing actions for a member of an organization who is not the member who created the auth token.

Org has two members:
A - admin
B - admin, who created the token we’re using to make API calls

Calls to https://api.trello.com/1/organizations/{org-id}/members?fields=all return both A and B as members.

Calls to https://api.trello.com/1/members/{user B ID}/actions return actions.

Calls to https://api.trello.com/1/members/{user A ID}/actions return 500 error codes. After a few retries they return 1001.

If we make these same calls using a token generated by user A we are able to list actions for both user A and user B.

Both users are admins.

Any idea what might be going on? Thanks!

bentley · August 26, 2022, 2:27pm

What is the error message you’re getting back?

aimeefurber · August 26, 2022, 6:18pm

First attempt → resulting in 500:

{
  "integrationName": "trello",
  "integrationType": "v2-resource",
  "body": "SW50ZXJuYWwgU2VydmVyIEVycm9y",
  "status_code": 500,
  "body_size": 21,
  "headers": {
    "X-Rate-Limit-Api-Token-Interval-Ms": [
      "10000"
    ],
    "X-Rate-Limit-Api-Token-Max": [
      "100"
    ],
    "X-Rate-Limit-Db-Query-Time-Interval-Ms": [
      "600000"
    ],
    "Server": [
      "globaledge-envoy"
    ],
    "Date": [
      "Tue, 23 Aug 2022 23:10:46 GMT"
    ],
    "Content-Type": [
      "text/plain; charset=utf-8"
    ],
    "Cache-Control": [
      "no-store, no-cache, must-revalidate, proxy-revalidate"
    ],
    "X-Rate-Limit-Api-Token-Remaining": [
      "96"
    ],
    "X-Rate-Limit-Api-Key-Interval-Ms": [
      "10000"
    ],
    "Strict-Transport-Security": [
      "max-age=63072000; preload"
    ],
    "Nel": [
      "{\"report_to\": \"endpoint-1\", \"max_age\": 600, \"include_subdomains\": true, \"failure_fraction\": 0.001}"
    ],
    "X-Frame-Options": [
      "DENY"
    ],
    "Pragma": [
      "no-cache"
    ],
    "Access-Control-Allow-Origin": [
      "*"
    ],
    "X-Content-Type-Options": [
      "nosniff"
    ],
    "Access-Control-Allow-Methods": [
      "GET, PUT, POST, DELETE"
    ],
    "Access-Control-Expose-Headers": [
      "x-rate-limit-api-key-interval-ms, x-rate-limit-api-key-max, x-rate-limit-api-key-remaining, x-rate-limit-api-token-interval-ms, x-rate-limit-api-token-max, x-rate-limit-api-token-remaining"
    ],
    "X-Rate-Limit-Db-Query-Time-Max": [
      "7200000"
    ],
    "Atl-Traceid": [
      "c126cbaac1307601"
    ],
    "X-Download-Options": [
      "noopen"
    ],
    "X-Trello-Version": [
      "1.150589.0"
    ],
    "X-Xss-Protection": [
      "1; mode=block"
    ],
    "Expect-Ct": [
      "report-uri=\"https://web-security-reports.services.atlassian.com/expect-ct-report/trello-edge\", max-age=86400"
    ],
    "Report-To": [
      "{\"group\": \"endpoint-1\", \"max_age\": 600, \"endpoints\": [{\"url\": \"https://dz8aopenkvv6s.cloudfront.net\"}], \"include_subdomains\": true}"
    ],
    "Access-Control-Allow-Headers": [
      "Authorization, Accept, Content-Type"
    ],
    "X-Rate-Limit-Api-Key-Max": [
      "300"
    ],
    "X-Rate-Limit-Member-Remaining": [
      "371"
    ],
    "X-Rate-Limit-Api-Key-Remaining": [
      "296"
    ],
    "X-Rate-Limit-Member-Max": [
      "375"
    ],
    "X-Permitted-Cross-Domain-Policies": [
      "none"
    ],
    "Expires": [
      "0"
    ],
    "Set-Cookie": [
      "redacted"
    ],
    "X-Envoy-Upstream-Service-Time": [
      "63"
    ],
    "X-Dns-Prefetch-Control": [
      "off"
    ],
    "Surrogate-Control": [
      "no-store"
    ],
    "X-Rate-Limit-Db-Query-Time-Remaining": [
      "7199990"
    ],
    "X-Rate-Limit-Member-Interval-Ms": [
      "10000"
    ],
    "Content-Length": [
      "21"
    ],
    "Referrer-Policy": [
      "strict-origin-when-cross-origin"
    ],
    "X-Trello-Environment": [
      "Production (Micros)"
    ]
  },
  "url": "https://api.trello.com/1/members/{member-id}/actions?before=2022-08-23T23%3A10%3A45Z\u0026fields=date%2CidMemberCreator%2Ctype\u0026limit=1000\u0026member=false\u0026memberCreator=false\u0026page=0\u0026since=2021-08-23T23%3A10%3A45Z",
  "host": "api.trello.com",
  "method": "GET",
  "path": "/1/members/{member-id}/actions",
  "query": "before=2022-08-23T23%3A10%3A45Z\u0026fields=date%2CidMemberCreator%2Ctype\u0026limit=1000\u0026member=false\u0026memberCreator=false\u0026page=0\u0026since=2021-08-23T23%3A10%3A45Z",
  "scheme": "https",
  "additionalData": {}
}

4 more attempts return the same 500 response

Fifth attempt resulting in 1001 error code:

{
  "integrationName": "trello",
  "integrationType": "v2-resource",
  "body": {
    "error": "Get \"https://api.trello.com/1/members/{member-id}/actions?before=2022-08-23T23%3A10%3A45Z\u0026fields=date%2CidMemberCreator%2Ctype\u0026limit=1000\u0026member=false\u0026memberCreator=false\u0026page=0\u0026since=2021-08-23T23%3A10%3A45Z\": net/http: request canceled"
  },
  "status_code": 1001,
  "body_size": 294,
  "headers": {},
  "url": "https://api.trello.com/1/members/{member-id}/actions?before=2022-08-23T23%3A10%3A45Z\u0026fields=date%2CidMemberCreator%2Ctype\u0026limit=1000\u0026member=false\u0026memberCreator=false\u0026page=0\u0026since=2021-08-23T23%3A10%3A45Z",
  "host": "api.trello.com",
  "method": "GET",
  "path": "/1/members/{member-id}/actions",
  "query": "before=2022-08-23T23%3A10%3A45Z\u0026fields=date%2CidMemberCreator%2Ctype\u0026limit=1000\u0026member=false\u0026memberCreator=false\u0026page=0\u0026since=2021-08-23T23%3A10%3A45Z",
  "scheme": "https",
  "additionalData": {}
}

bentley · August 29, 2022, 1:29pm

Can you share the API key you are using to make these requests?

API keys are OK to be shared publicly. API tokens are secret and should never be shared.

I’ll use your key to go poking around in our API logs to get a better understanding of what is happening.

aimeefurber · August 30, 2022, 9:30pm

Thank you!!

API key is baaf82ecb3ca585b15389f41b6f87c69

(Same key is used here as well: Trello API: Errors getting members of an enterprise)

bentley · September 1, 2022, 3:39pm

100% of the 504’s you’ve received for this API key in the last 7 days were the result of a request to /1/enterprises/{id}/members with the query params including fields=all. And it looks like they are all failing because the response size is too big. Unfortunately, this is one of those requests that is technically well-formed, but that Trello’s server is unable to respond to due to the size of the response.

The request should be split up into smaller requests. For instance, you could do 1/enterprises/{id}/members?fields=id and then iterate over the ids from that response and make a 1/members/{id} call for each.

aimeefurber · September 1, 2022, 4:41pm

Thanks for digging in to this!

That makes sense for the enterprise requests here.

In the case I described above I know that the org only has two members, so I feel like something else might be going on. What would allow one users token to get both members, but not the other users token? Both members are admins.

Thanks again!