Skip to contents

Authentication is required in order to access boards that are not public, and to make edits. This document explains how to authenticate your access to Trello.

Getting your access token

A secure token is required to authenticate your access to Trello. To obtain it, login to Trello and visit https://trello.com/app-key. You will need to do two things there:

  • Check the value of Allowed origins. Every API request comes from an “origin”, i.e. a URL. Trello API will only accept authorized requests if they come from the allowed origins list, which makes communication with web apps more secure. If you are using trelloR locally (eg. from your laptop or PC) then http://localhost:1410 is a good value to use.

  • Copy both “key” and “secret”.

Back in R, feed the key and secret to the get_token() function. This will trigger first-time authorization in the browser, allowing you to cache your token locally. You only have to do it once for a given project, unless you opt out of using cache or the cache file is deleted.

library(trelloR)
my_token = get_token("my-app", key = your_key, secret = your_secret)

This will create an object of class Trello_API_token. Functions in the TrelloR package will always try to read cached token when needed, unless you supply a token object directly. For example, any of these will work with local cache in place:

my_boards = get_my_boards()
my_boards = get_my_boards("path/to/cache/file")

# Works without a cache file, if `my_token` is a Token object.
my_boards = get_my_boards(my_token)

You can create multiple tokens with different names, scope and expiration. See ?get_token for additional arguments.

Keep your credentials safe

Keep your key, secret and any token cache in a safe, non-shared location. Using environment variables or packages like askpass are good options.

Token cache is by default stored in a file called .httr-oauth. You should avoid accidentally copying or exporting this file along with other files. To make this easier, the cache file path is automatically added to .gitignore.

If you think the token might have been compromised or you simply do not want to use it anymore, you should revoke it. Log in to Trello and access your account settings. To make it easier to recognize tokens you have created, use the appname argument when creating a token.

Built with

sessionInfo()
#> R version 4.3.1 (2023-06-16)
#> Platform: x86_64-pc-linux-gnu (64-bit)
#> Running under: Ubuntu 22.04.3 LTS
#> 
#> Matrix products: default
#> BLAS:   /usr/lib/x86_64-linux-gnu/openblas-pthread/libblas.so.3 
#> LAPACK: /usr/lib/x86_64-linux-gnu/openblas-pthread/libopenblasp-r0.3.20.so;  LAPACK version 3.10.0
#> 
#> locale:
#>  [1] LC_CTYPE=C.UTF-8       LC_NUMERIC=C           LC_TIME=C.UTF-8       
#>  [4] LC_COLLATE=C.UTF-8     LC_MONETARY=C.UTF-8    LC_MESSAGES=C.UTF-8   
#>  [7] LC_PAPER=C.UTF-8       LC_NAME=C              LC_ADDRESS=C          
#> [10] LC_TELEPHONE=C         LC_MEASUREMENT=C.UTF-8 LC_IDENTIFICATION=C   
#> 
#> time zone: UTC
#> tzcode source: system (glibc)
#> 
#> attached base packages:
#> [1] stats     graphics  grDevices utils     datasets  methods   base     
#> 
#> loaded via a namespace (and not attached):
#>  [1] vctrs_0.6.3       cli_3.6.1         knitr_1.43        rlang_1.1.1      
#>  [5] xfun_0.40         stringi_1.7.12    purrr_1.0.2       textshaping_0.3.6
#>  [9] jsonlite_1.8.7    glue_1.6.2        rprojroot_2.0.3   htmltools_0.5.6  
#> [13] ragg_1.2.5        sass_0.4.7        rmarkdown_2.24    evaluate_0.21    
#> [17] jquerylib_0.1.4   fastmap_1.1.1     yaml_2.3.7        lifecycle_1.0.3  
#> [21] memoise_2.0.1     stringr_1.5.0     compiler_4.3.1    fs_1.6.3         
#> [25] systemfonts_1.0.4 digest_0.6.33     R6_2.5.1          magrittr_2.0.3   
#> [29] bslib_0.5.1       tools_4.3.1       pkgdown_2.0.7     cachem_1.0.8     
#> [33] desc_1.4.2