Hi.
I'm just started with trello automation (REST API).
I have connected telegram chat with trello for adding new cards.
But I would like to add cards from individual user.
So we need tokens to everyone in chat and connect accounts cross-platform.
It's not a big deal, but I'm concerned about security issue because having token you are grants access to all boards and all workspaces/organizations.
We need to choose either single workspace/organization nor some boards.
Is it possible create user's REST API Token for single workspace/organization?
Thanks.
Hello @Николай
In short, the answer is no. A REST API token equates to a user account, so whatever that user can do / see, then the exact same can be done / seen via their token.
You can only constrain a token to the same degree you can constrain the user who owns it.
Hello @Sunny Ape
Thanks for your reply.
Looks like we have just two options:
- create new accounts for our new project
- create account for user-bot and create cards from his name
Main reason to do so is reduce potential damage for users if their tokens will leak.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hello @Николай
I like the idea of a 'user-bot' as I have that concept in use in my current work environment.
I use that generic user-bot account as the owner of all my important Butler workflows too, that way the actions logged in the board and card histories belong to that account, rather than a 'real person', so that people who read those entries know the difference straight away.
This tying of Butler rules to a person's account instead of a generic system / root account is one of the idiosyncrasies of Trello that you just have to live with.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.