Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

REST API: Token for single workspace/organization or some boards

Mykola
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 11, 2021

Hi.

I'm just started with trello automation (REST API).
I have connected telegram chat with trello for adding new cards.
But I would like to add cards from individual user.
So we need tokens to everyone in chat and connect accounts cross-platform.

It's not a big deal, but I'm concerned about security issue because having token you are grants access to all boards and all workspaces/organizations.

We need to choose either single workspace/organization nor some boards.

Is it possible create user's REST API Token for single workspace/organization?

Thanks.

1 answer

0 votes
Sunny Ape
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 11, 2021

Hello @Николай 

 

In short, the answer is no. A REST API token equates to a user account, so whatever that user can do / see, then the exact same can be done / seen via their token.

You can only constrain a token to the same degree you can constrain the user who owns it.

Mykola
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 12, 2021

Hello @Sunny Ape 

Thanks for your reply.

Looks like we have just two options:
- create new accounts for our new project
- create account for user-bot and create cards from his name

Main reason to do so is reduce potential damage for users if their tokens will leak.

Sunny Ape
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2021

hello @Николай 

I like the idea of a 'user-bot' as I have that concept in use in my current work environment.

I use that generic user-bot account as the owner of all my important Butler workflows too, that way the actions logged in the board and card histories belong to that account, rather than a 'real person', so that people who read those entries know the difference straight away.

This tying of Butler rules to a person's account instead of a generic system / root account is one of the idiosyncrasies of Trello that you just have to live with.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events