Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Trello API Invalid Key


I'm trying to figure out how to use Trello API, so i started by following the help there :

So i generated the application key using the following link :

Then i tried through Postman to do a get on using my generated key

It displayed "Invalid Key"

i got something wrong ?


5 answers

Trello Support helped me to solve the problem.

There is an additional parameter, that is not documented on the aforementioned Trello API documentation pages.

One need to include the response_type=token parameter in the authorization URL in order to get the correct token.

hi Zoltan,

im facing a similar issue, can you post the final url here, is it like this?

Hi Abhishek,

in case of board, card,... requests you don't need the response_type=token parameter.

However, you need it in the URL by means you ask for your authorization token.

My Trello sandbox on JSFiddle is up to date and works fine. Try it.

Copy-paste your API key into the appropriate text field then observe the "Authorize your API Key" link.


There is a secret for OAuth listed on the page along your API key. If you were like me, you took secret and put to the request as a token. But that is wrong :-) Took me a while to figure you.

To get valid token for a request, it needs to be generated via API call below.,write,account&response_type=token&name=Server%20Token&key=YOURAPIKEY

Like Deleted user likes this
Deleted user Jan 26, 2020

I did exactly the same mistake! 🙈

The `response_type=token` parameter was missing from my Token generation URL, so it was generating the wrong type a token: a 32-characters-long one instead of 64.

Thanks for having shared this!

0 votes

can someone answer me how can I solve the invalid key?

I had this same problem and could not figure out what the issue was.  Eventually I tried pasting the URL with my API key and API token into a Chrome address bar and it returned the expected JSON.  I then wrote a quick Ruby script using the same API key and token and it also worked as expected.

That leaves me to believe there's something about the way curl handles authentication that is missing from the documentation on the developer site.  That's really unfortunate because anyone trying to get their authentication working would reasonably assume they were doing something wrong if they follow the directions to the letter and don't get the expected results.

After playing around with this, I've found that when using `curl` you need to put the URL in quotations. Otherwise, `curl` doesn't interpret it as a continuation of the URL and bash picks it up and backgrounds the command.

I'm going through the documentation now to make sure that curl examples include quotations around the URLs.

For reference, this:


should be:

curl `{apiKey}&token={apiToken}`

Hi guys,


almost the same issue in my case too. The only difference is that, Trello gives me token of 32 hex digits. (not 64 digits)

On the Developer API Keys page I grab my API Key, then in the following URL I substitute it in place of KKK and hit the URL in a browser:,write,account

Response from Trello:

You have granted access to your Trello information.

To complete the process, please give this verification code:

<hex string of 32 hex digits>

Substituting my API Key and Token I hit the following link in a browser:

Response from Trello:

Oh no! 401!

Taco says “invalid token”, but what does he know? He's just a dog.

See my experiment in JSFiddle.


How are you submitting the request? Are you sure the parameters are encoded and passed correctly?

@Oscar_Triscon, at this stage the only 3 parameters are the 'me' literal, the API Key and the Token. The hex digits of the API Key and Token have no special meaning in URLs. What and why sould we encode?


Unfortunately not only my code doesn't work, but the live help fails too.

I fill my API Key, Token and the id parameters in, click the Try it and get practically the same error message from Trello:

401 Unauthorized

You couldn't be authenticated


Does anyone have any idea what do I wrong?

The token is 64 hex chars, so there's something wrong there.

Have you tried using the Token link in the page you used to get the app key (

0 votes

That documentation seems terribly outdated. Please, check here instead:

Perhaps it's outdated but it's a good step by step explanations, i already tried to follow the instructions on but there's missing steps i guess.

I need to make a simple POC using Postman on how to get authorisation to acces to a board, and then to post a copy command to this board, it's as simple as that, then for developpment purpose we will take a look at the documentation

Like VladLee likes this

The guide you followed is outdated. Authentication now requires both an key and a token. Start by generating a key here. Then, follow the instructions on that page to generate the token.

Once you have both, you send them with your requests like this:
Like Asylbek Kenzhebaev likes this

This is exactly what i've done but it says :


Oh no! 401!

Taco says “invalid key”, but what does he know? He's just a dog.

Like # people like this

Some things to check:
- Does your app key look like an hexadecimal alphanumeric string (containing only numbers 0-9 and letters 'a' to 'f') of 32 characters in length?

- Similarly, does your token look like an hexadecimal string with length 64?

- How are you submitting the request? Are you sure the parameters are encoded and passed correctly?

Key & Token was inverted so now key is 32 hex and Token is 64 hex but now it says token is invalid :)

And i tried both on a browser and on Postman, same error.


Oh no! 401!

Taco says “invalid token”, but what does he know? He's just a dog.

Make sure you generated the app key and the token in the same session (i.e. make sure you're not using the key you generated originally with the other instructions).

Also, make sure that the format of the URL is correct. Notice in particular that it's an ampersand between the key and token parameters: ?key=APPKEY&token=TOKEN

I just reloader the page

Got the key and the token

Copied/past your link on the comment :

Replaced the key and the token with the correct values and got the same invalid token message :|

What i'm doing wrong !!


Oh no! 401!

Taco says “invalid token”, but what does he know? He's just a dog.

It's working for me, and it's very hard to imagine what you could be doing wrong without seeing what you're doing.

Are you adding spaces to either side of the APPKEY or TOKEN?

What is the total length of the URL you're requesting?

No spaces and the total length is 163

:( it's crazy !!

I just copy past your link and copy past key and token on a browser, nothing more than that

Sounds like you're using the wrong token, or the token has been revoked.

Even after reloading the page

it gives me the same Token... i think it's time to ask for support

That's normal. What that page gives you is the app key, which never changes.

The token only appears after you click on the relevant link within the page. This requests authorization (and login if necessary) through a popup.

Once you've completed the authorization flow, it will give you the token. If you've already authorized before, the token will also not change.

For me it was case sensitive on one of the other paramers idList in my case but it kept telling me it was an invalid key which was misleading as I was just paste in the key and token values.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events