Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,301,314
Community Members
 
Community Events
165
Community Groups

REST API: Token for single workspace/organization or some boards

Edited
Николай
Николай Sep 11, 2021

Hi.

I'm just started with trello automation (REST API).
I have connected telegram chat with trello for adding new cards.
But I would like to add cards from individual user.
So we need tokens to everyone in chat and connect accounts cross-platform.

It's not a big deal, but I'm concerned about security issue because having token you are grants access to all boards and all workspaces/organizations.

We need to choose either single workspace/organization nor some boards.

Is it possible create user's REST API Token for single workspace/organization?

Thanks.

Answer
Watch
Like Be the first to like this
236 views

1 answer

0 votes
David Bakkers
David Bakkers Sep 11, 2021

Hello @Николай 

 

In short, the answer is no. A REST API token equates to a user account, so whatever that user can do / see, then the exact same can be done / seen via their token.

You can only constrain a token to the same degree you can constrain the user who owns it.

View More Comments
Николай
Николай Sep 12, 2021

Hello @David Bakkers 

Thanks for your reply.

Looks like we have just two options:
- create new accounts for our new project
- create account for user-bot and create cards from his name

Main reason to do so is reduce potential damage for users if their tokens will leak.

Like
David Bakkers
David Bakkers Sep 12, 2021

hello @Николай 

I like the idea of a 'user-bot' as I have that concept in use in my current work environment.

I use that generic user-bot account as the owner of all my important Butler workflows too, that way the actions logged in the board and card histories belong to that account, rather than a 'real person', so that people who read those entries know the difference straight away.

This tying of Butler rules to a person's account instead of a generic system / root account is one of the idiosyncrasies of Trello that you just have to live with.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Trello
Trello
TAGS
Community showcase
Monique vdB
Monique vdB
Posted in Trello

Taco Tuesday: New years' resolutions with Trello

Congratulations to @Laura Holton , our latest winner of Taco Tuesday! And thanks to @Kristján Geir Mathiesen for sharing the picture of Taco having fun with his new friend  B...

2,409 views 28 42
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you