Hi Trello community 👋
I'm a graphic designer and 3D artist. I use Trello every day for project management, and for a long time I had one specific frustration — I'd write a comment at 10pm knowing it should go out Monday morning at 9am. There was no native way to do that. Every alternative I found was either too expensive, required Zapier, or needed a separate login.
So I built one myself. PrimeScheduler is a Trello Power-Up that lets you schedule card comments to send automatically at the right time — directly from the card, without leaving Trello.
The honest truth: I'm not a developer. I'm a designer who knows his way around Git and can read code, but I'd never built a backend service or published anything to a marketplace before.
Here's what made it possible:
The Trello review process was thorough — CSP headers, GDPR compliance, polling API, console errors — but the team was helpful throughout.
The Power-Up is free for the first 5 comments, then $4.99/month or $47.90/year for unlimited.
If you've ever wished you could schedule a Trello comment, give it a try: 👉 https://prime-scheduler.vercel.app
Happy to answer any questions about the build process!
Hi Vašek,
When building Power-Ups with AI, security can be one of the hardest things to evaluate without a development background.
AI can write code that works, but unless you explicitly ask it to review security, it may choose the simplest implementation. It is easy to miss tokens being passed in URLs, secrets appearing in logs, overly broad permissions, or sensitive data being stored incorrectly.
It is also important to assume that some users will modify URLs and request parameters to try to access data belonging to other users on your server.
How did you approach security checks for PrimeScheduler?
Hi Olexandr, great question — and honestly one I had to think hard about given that I'm coming from a design background, not a development one.
Here's how I approached it:
Tokens never appear in URLs. All OAuth tokens are transmitted in POST request bodies only, never as query parameters — so they don't end up in server logs or browser history.
Tokens are encrypted at rest. Before storing a Trello OAuth token in Redis, it gets encrypted with AES-256-GCM. The encryption key lives in environment variables, never in code or version control.
Token ownership is verified on every request. This was the one I thought about most. Before scheduling a comment or revoking access, the backend calls the Trello API with the provided token and confirms the returned member ID actually matches the requested member ID. So even if someone knows another user's memberId, they can't do anything with it without the matching token — and even then, the token has to actually belong to that member.
Scheduled delivery is authenticated. The delivery endpoint only accepts requests cryptographically signed by Upstash QStash. Nobody can trigger comment delivery by hitting the URL directly.
Everything expires automatically. Job data in Redis expires 48 hours after scheduled delivery. Tokens expire after a year or when explicitly revoked by the user.
One thing I've flagged for improvement — the /api/plan endpoint currently doesn't require auth, so technically anyone could query whether a given memberId is on the free or Pro plan. Not a real data breach, but worth tightening.
I'll be honest — I couldn't have reasoned through all of this without AI assistance. But I think that's kind of the point: the tools exist now to build things responsibly even if you're not a seasoned backend developer, as long as you ask the right questions.
Is there anything specific you'd like me to dig into further? Happy to share more details on any part of the implementation.
Massive respect for shipping this. I’m in a similar lane building products without a CS background and that gap between having an idea and building something real has gotten way smaller. What helped me most was reading real Power Up code, using AI to understand changes instead of just copying, and keeping the first version painfully small so it works before it looks good. The iframe model and Trello API can be weird at first, but once that clicks it gets easier. Curious what your Power Up does, a 3D artist’s take on project management sounds interesting.
Haha, yeah, that gap is real. And same on the AI thing — understanding *why* something works instead of just pasting and praying was the shift for me too.
Prime Scheduler is basically just a "schedule a comment" button that lives on the card. Trello's native version of this was kind of painful — copy the card email, switch to your inbox, write the thing, tag people manually... for something I need to do constantly it was way too many steps. Now it’s one click from inside the card.
I'm a 3D artist, so I'm always pinging clients or the team at specific points in a render/feedback cycle — that's basically what pushed me to just build it. What's yours doing?