javascript - team - trello token

Display cards from a private Trello board without visitors needing a Trello account, or them needing to authorize via popup (2)

My company has a list of current projects on Trello (private board), and we'd love to display them on our website by connecting to the board so that they're always up-to-date.

Using this example, I can now pull cards and render them on the page, but only after you click "Connect to Trello".

Why does a user need to connect at all? They're MY cards on MY board, so is there a way to them the cards (they would only need to be read-only...users cannot edit/interact with them)? Trello should only have to authenticate me, not visitors to my website.

Are there any code solutions?

Here's my current JS snippet:

    <script src="[MY-APP-KEY]"></script>

  var onAuthorize = function() {

      Trello.members.get("me", function(member){          
          var $item = "<tr><td class='subhead disabled'>Loading projects...</td></tr>";

          // Output a list of all of the cards that the member 
          // is assigned to
          Trello.lists.get("[MY-TRELLO-LIST-ID]/cards", function(cards) {
              $item = "";
              $.each(cards, function(ix, card) {
                  // OUTPUT THEM ON THE PAGE

  var updateLoggedIn = function() {
      var isLoggedIn = Trello.authorized();

  var logout = function() {

      success: onAuthorize


After scouring the web, I found a great solution by the wonderful team over at HappyPorch.

HappyPorch's original solution post.

From an email thread with Ondrej at HappyPorch:

The high-level overview is as follows:

  1. You need a Trello account that has access to the board(s). You can use your personal one, or create a "service account" to keeps things (permissions) isolated.

  2. You need to create a small admin app using the Trello API, which will prompt for the login, and request an access token. You will see a login dialog, you will log in with the desired (service) account. Then, using the Javascript API, you will extract the security token.

  3. In your real application you will use the Trello API again. Instead of prompting for login though, you will set the token you previously extracted; the users will then interact with Trello API on behalf of the account that was used to generate the token.

Relevant code snippets:

The use case is that you own boards that you just want to show someone, so there's no reason that they (the user...visitors to your webpage...whoever) should have to authenticate anything, let alone even need a Trello account at all. They're YOUR boards, so Trello just needs to verify that YOU have access...not anyone else.

Per HappyPorch's tutorial, I created a tiny authenticate.html page that is otherwise empty. I visit this page once to authenticate the service account and grab the token by printing it to the console.


<script src=" ACCOUNT"></script> <!-- Get yours here -->
// Obtain the token
var authenticationSuccess = function () {
    var TOKEN = Trello.token();

var authenticationFailure = function () {
    alert("Failed authentication");

// Force deauthorize
    name: "Preauthorize a Shared Service Account",
    scope: {
        read: true,
        write: true
    type: "popup",
    expiration: "never",
    persist: false,
    success: authenticationSuccess,
    error: authenticationFailure

Once you get the token from your tiny authentication app, you are now ready to use it on whatever pages you want to display your Trello cards. If you are doing it with Trello's client.js methods, use the token that you printed to the console and set the token below.


Trello.get("members/me/cards", function(cards) {
     $.each(cards, function(ix, card) {
         .attr({href: card.url, target: "trello"})

The code snippet above is from this jsFiddle, but I'm just showing how the token fits into the flow of pulling data from Trello.

But this exposes my token to the world, and anyone who sees this token can do malicious things to my board!

Well yeah, you're right. Which is why it's better to do this stuff server-side.

So instead, I use this small Trello PHP wrapper to help me do all of this server side.

Here's what it looks like on my page where I wanted to display my Trello cards. In the example below, I'm pulling from a specific list. If you're trying to find your own listID, check out Section 3 on this page.


    include "PATH-TO/Trello.php"; // Trello.php is from the PHP wrapper mentioned above
    $key = "SERVICE-ACCOUNT-APP-KEY"; // get yours at
    $trello = new \Trello\Trello($key, null, $token);

    foreach($trello->lists->get("YOUR-LIST-ID/cards") as $card) {
        echo($card->name." | ".$card->url."\n");


  1. Create a new Trello "service" account that you add to any boards you want to show. A service account isn't yourself could be the account...but keeping it separate protects you from people leaving the company, etc.

  2. Create a tiny app (really just a one-time use webpage) that goes through the usual Trello authentication process with the popup and what not. You will login/authenticate from the service account that you just created. This will give you a unique token that lets Trello know that you're legit, and that you have access.

  3. Use this token (think of it like a VIP access badge) on any page you want to show cards. Your users won't ever see that Trello authentication popup because we've already shown Trello our VIP access badge.

  4. Print out cards, boards, etc! Rejoice, because you can now show anyone cards without them needing a Trello account.

Many thanks again to Ondrej and the folks over at HappyPorch for their useful post, and willingness to help out a UX Designer who likes to pretend to know how to code :)

I don't think you can do this entirely on the client-side. You can connect to the Trello via an authenticated API call from your server, which in turn sends that data to the clients browser, perhaps via an AJAX call or similar.