Trello authorize app across multiple users

Dear Trello Community,

I created a company web app that interfaces with Trello. The Web App acts as an entry point and captures data, which is then fed to the Trello API to create / update cards. I created an “interface user”, to be the intermediary. I generated a key and a token for this interface user and the app submits trello api requests on behalf of my actual users.

In the next release of this company app, we wish to roll out to a bunch of users. I would like to change the logic of the authentication to “authorize” the web app to use each person’s account instead of this one interface user.

Using this article (How to get a new API-Token?), I ran a test to flesh out the architecture…

My original account

Trello_interface, key = 8cf71593e2ebc58a2911081c788bd744, Token = TOKEN_A.

In Postman, when I run, I get a valid return.

I have another account… trellodev and I logged into it.

I then placed this call into a browser,,write,account&response_type=token&key=8cf71593e2ebc58a2911081c788bd744. I used the same key as trello_interface. I received an authorization token, say TOKEN_B

In Postman, when I run, I get a “invalid token”.

What am I doing wrong?


Trello API key is tied to a user. You cannot use the same API key to generate a token for another account (trellodev). You can go to in order to retrieve the API key for the account you’re logged in to.

Let me know whether it helped :slight_smile:


I understand that will work… if the users generated their own api keys. I thought based on the article the api key acts as an “app key” of sorts and you use it to request different tokens, including tokens for different users once they approved app access to the account.

My question now is… how do I programmatically get each user’s api key and token that is going to use the company app? Can I make a REST call to to get the app key, then run 1/authorize for the token? Or does each user need to manually get their api key, send it to me, then I store it in a database?

FYI… I forgot to mention… thank you very much for your reply and I appreciate any insight you can offer in helping me with Trello authorization / integration.

Thanks! Craig

Your understanding of the authorization flow is correct and the process you are trying to follow is the right one. You should only use the one API key to generate tokens for each user. One key and many tokens.

I’m surprised by this. If you’re logged in as the second user, do you see meta-data for the token that was generated when you go to:

That API endpoint should list all of the tokens that belong to the user.


Yes I do. In the meta-data, it lists the correct identifier: CE Webtools. It also lists the correct expiration, and permissions. I cannot see the key anywhere to validate it.

Bentley, Valentyn, et. al.,

Didn’t realize that you can just use vs. I changed that in Postman. They both work though.

Well, you’re not going to believe this but…

So, for grins and giggles, I opened 2 new Postman tabs. I pasted the 2 urls… one in each tab

Same key, 2 different tokens. They both returned successful!

I went back to the offending Postman tab. I compared EVERY character in the url. It all matched. Still returned “invalid token”. I don’t know what was screwy about that tab. But, I will simply move on with this approach since it is actually working.

You can consider this thread closed. Yeehah!


The api.-less URL shouldn’t be used for anything other than poking around. Although it does work, it is reserved for use by first-party clients. It is a great way to quickly test API routes though because it will use your logged-in Trello user’s authentication if no key/token are present.