Summary and recommendation
Trello's REST API is available at https://api.trello.com/1 and uses OAuth 1.0-not OAuth 2.0-requiring explicit OAuth 1.0 library support. API Key + Token pairs are the practical alternative for server-to-server flows; tokens can be set to expire in 1 hour, 1 day, 30 days, or never at generation time.
Rate limits apply at two levels: 300 requests per 10 seconds per API key, and 100 requests per 10 seconds per token. HTTP 429 is returned on breach; Atlassian recommends exponential backoff. X-RateLimit-* headers may be present but are not documented as stable.
For automated provisioning at scale, Stitchflow connects via an MCP server with ~100 deep IT/identity integrations, covering the full Trello user lifecycle alongside the broader Atlassian ecosystem without requiring teams to build and maintain custom API orchestration.
API quick reference
| Has user API | Yes |
| Auth method | API Key + OAuth 1.0 token (or API Key + Token for server-to-server) |
| Base URL | Official docs |
| SCIM available | Yes |
| SCIM plan required | Trello Enterprise + Atlassian Guard (Guard Standard included with Trello Enterprise) |
Authentication
Auth method: API Key + OAuth 1.0 token (or API Key + Token for server-to-server)
Setup steps
- Go to https://trello.com/app-key to obtain your API Key and Secret.
- For user-context requests, direct the user through the OAuth 1.0 flow at https://trello.com/1/OAuthAuthorizeToken to obtain an access token.
- For server-to-server or personal scripts, generate a Token manually from the same app-key page.
- Pass credentials as query parameters: ?key={apiKey}&token={token} on every request, or use an Authorization header per OAuth 1.0 spec.
Required scopes
| Scope | Description | Required for |
|---|---|---|
| read | Read access to boards, members, organizations, and cards the token owner can see. | GET member/profile, GET organization members |
| write | Create and update boards, cards, and organization membership. | Inviting/removing members, updating member details |
| account | Read and write access to the token owner's account details (email, avatar, etc.). | Updating the authenticated member's own profile |
User object / data model
| Field | Type | Description | On create | On update | Notes |
|---|---|---|---|---|---|
| id | string | Unique member ID (24-char hex) | system-generated | immutable | Used as primary key in all member endpoints |
| username | string | Unique Trello username | required | writable | Lowercase, alphanumeric + underscores |
| fullName | string | Display name | required | writable | |
| string | Primary email address | required | writable (own account only) | Only returned with account scope | |
| initials | string | Up to 4-character initials | auto-derived | writable | |
| avatarUrl | string | URL to avatar image | null | writable via upload | |
| avatarHash | string | Hash for avatar CDN URL construction | null | read-only | |
| bio | string | Short biography | optional | writable | |
| url | string | Profile URL on trello.com | system-generated | immutable | |
| memberType | string | normal | ghost | virtual | system-set | read-only | |
| status | string | disconnected | idle | active | system-set | read-only | |
| confirmed | boolean | Whether email is confirmed | false until confirmed | read-only | |
| products | array |
Trello product subscriptions | system-set | read-only | |
| idOrganizations | array |
IDs of workspaces the member belongs to | empty | managed via org endpoints | |
| idBoards | array |
IDs of boards the member has access to | empty | managed via board endpoints | |
| prefs | object | Member preferences (locale, colorBlind, etc.) | defaults | writable (own account) | |
| loginTypes | array |
Authentication methods (password, google, etc.) | system-set | read-only |
Core endpoints
Get authenticated member
- Method: GET
- URL:
https://api.trello.com/1/members/me - Watch out for: Email is only returned when the token has the 'account' scope.
Request example
GET /1/members/me?key={key}&token={token}
Response example
{
"id": "5e9f8f8f8f8f8f8f8f8f8f8f",
"username": "jdoe",
"fullName": "Jane Doe",
"email": "jane@example.com"
}
Get member by ID or username
- Method: GET
- URL:
https://api.trello.com/1/members/{id} - Watch out for: Email is not returned unless the requesting token owns the account.
Request example
GET /1/members/jdoe?key={key}&token={token}
Response example
{
"id": "5e9f...",
"username": "jdoe",
"fullName": "Jane Doe",
"memberType": "normal"
}
Update member profile
- Method: PUT
- URL:
https://api.trello.com/1/members/{id} - Watch out for: Members can only update their own profile; admin tokens cannot update other members' profiles via this endpoint.
Request example
PUT /1/members/me?key={key}&token={token}
Body: {"fullName":"Jane Smith","bio":"Engineer"}
Response example
{
"id": "5e9f...",
"fullName": "Jane Smith",
"bio": "Engineer"
}
Get workspace members
- Method: GET
- URL:
https://api.trello.com/1/organizations/{id}/members - Watch out for: Returns all member types including guests. Use ?filter=admins to restrict.
Request example
GET /1/organizations/myworkspace/members?key={key}&token={token}
Response example
[
{"id":"5e9f...","username":"jdoe","fullName":"Jane Doe","memberType":"normal"}
]
Add/invite member to workspace
- Method: PUT
- URL:
https://api.trello.com/1/organizations/{id}/members/{idMember} - Watch out for: type must be 'normal' or 'admin'. Inviting by email uses PUT /organizations/{id}/members with email param instead.
Request example
PUT /1/organizations/myworkspace/members/jdoe?key={key}&token={token}
Body: {"type":"normal"}
Response example
{
"id": "5e9f...",
"members": [...]
}
Remove member from workspace
- Method: DELETE
- URL:
https://api.trello.com/1/organizations/{id}/members/{idMember} - Watch out for: Removes the member from the workspace but does not deactivate the Trello account.
Request example
DELETE /1/organizations/myworkspace/members/5e9f...?key={key}&token={token}
Response example
{
"id": "5e9f...",
"members": [...]
}
Get board members
- Method: GET
- URL:
https://api.trello.com/1/boards/{id}/members - Watch out for: Does not include virtual/ghost members by default.
Request example
GET /1/boards/{boardId}/members?key={key}&token={token}
Response example
[
{"id":"5e9f...","username":"jdoe","fullName":"Jane Doe"}
]
Add member to board
- Method: PUT
- URL:
https://api.trello.com/1/boards/{id}/members/{idMember} - Watch out for: type can be 'admin', 'normal', or 'observer'. Observer is a Premium/Enterprise feature.
Request example
PUT /1/boards/{boardId}/members/{memberId}?key={key}&token={token}
Body: {"type":"normal"}
Response example
{
"id": "...",
"members": [...]
}
Rate limits, pagination, and events
- Rate limits: Trello enforces rate limits per API key and per token. Limits are applied at the application level (per API key) and per user token.
- Rate-limit headers: Yes
- Retry-After header: No
- Rate-limit notes: HTTP 429 is returned when limits are exceeded. Atlassian recommends exponential backoff. Headers such as X-RateLimit-* may be present but are not formally documented as stable.
- Pagination method: offset
- Default page size: 50
- Max page size: 1000
- Pagination pointer: limit / before / since
| Plan | Limit | Concurrent |
|---|---|---|
| All plans (per API key) | 300 requests per 10 seconds | 0 |
| All plans (per token/user) | 100 requests per 10 seconds | 0 |
- Webhooks available: Yes
- Webhook notes: Trello supports webhooks via the REST API. Webhooks are registered against a model (board, card, member, organization) and POST a JSON payload to a callback URL when the model changes.
- Alternative event strategy: Poll GET /members/{id} or GET /organizations/{id}/members for changes if webhooks are not feasible.
- Webhook events: updateMember, addMemberToBoard, removeMemberFromBoard, addMemberToOrganization, removeMemberFromOrganization, makeAdminOfBoard, makeNormalMemberOfBoard, makeAdminOfOrganization, makeNormalMemberOfOrganization
SCIM API status
SCIM available: Yes
SCIM version: 2.0
Plan required: Trello Enterprise + Atlassian Guard (Guard Standard included with Trello Enterprise)
Endpoint: https://api.atlassian.com/scim/directory/{directoryId}
Supported operations: GET /Users, GET /Users/{userId}, POST /Users, PUT /Users/{userId}, PATCH /Users/{userId}, DELETE /Users/{userId}, GET /Groups, GET /Groups/{groupId}, POST /Groups, PUT /Groups/{groupId}, PATCH /Groups/{groupId}, DELETE /Groups/{groupId}
Limitations:
- SCIM is managed at the Atlassian organization (Guard) level, not directly in Trello; it provisions Atlassian accounts that then access Trello.
- SSO must be configured before enabling SCIM provisioning.
- Deprovisioning via SCIM deactivates the Atlassian account across all Atlassian products, not just Trello.
- Supported IdPs with native connectors: Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin (via generic SCIM).
- directoryId is obtained from the Atlassian Admin console under Security > Identity providers.
Common scenarios
Listing all workspace members requires a GET to /organizations/{orgId}/members with read scope. Email addresses are not returned in this response regardless of scope-they are only accessible via a token that belongs to the member themselves, which is a hard API constraint with no workaround through the REST layer.
Provisioning new users at Enterprise requires the SCIM 2.0 API at https://api.atlassian.com/scim/directory/{directoryId}-a separate endpoint under api.atlassian.com, not api.trello.com. SSO must be configured before SCIM can be enabled, and the directoryId is obtained from Atlassian Admin under Security > Identity providers. SCIM provisioning creates an Atlassian account; Trello workspace and board access must still be granted separately via the Trello REST API.
Offboarding via API is a multi-step operation: DELETE /organizations/{orgId}/members/{memberId} removes workspace membership, but board-level memberships added directly must be removed per-board via DELETE /boards/{boardId}/members/{memberId}. Full account deactivation requires a SCIM PATCH to /Users/{userId} with {"active": false} through Atlassian Guard-there is no REST endpoint on api.trello.com to deactivate or delete an account.
List all members of a Trello workspace
- Obtain API Key and Token with 'read' scope.
- Call GET https://api.trello.com/1/organizations/{orgId}/members?key={key}&token={token}
- Paginate if needed using 'limit' (max 1000) and 'before'/'since' params.
- Parse the returned array of member objects for id, username, fullName, memberType.
Watch out for: Email addresses are not included in this response regardless of scope; they are only accessible on the member's own token.
Provision a new user via SCIM (Enterprise + Guard)
- Ensure Trello Enterprise and Atlassian Guard are active; SSO must be configured.
- Obtain a SCIM API token from Atlassian Admin > Security > Identity providers > your directory.
- Note the directoryId from the same page.
- POST https://api.atlassian.com/scim/directory/{directoryId}/Users with JSON body: {"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"jane@example.com","name":{"givenName":"Jane","familyName":"Doe"},"emails":[{"value":"jane@example.com","primary":true}],"active":true}
- The user receives an invitation email and, upon acceptance, gains access to Trello under the managed organization.
Watch out for: SCIM provisioning creates an Atlassian account; Trello workspace/board access must still be granted separately via Trello REST API or workspace settings.
Remove a member from a workspace and revoke board access
- Obtain API Key and Token with 'write' scope for a workspace admin.
- Call DELETE https://api.trello.com/1/organizations/{orgId}/members/{memberId}?key={key}&token={token} to remove from workspace.
- Enumerate boards in the workspace: GET /organizations/{orgId}/boards.
- For each board, call DELETE /boards/{boardId}/members/{memberId} to remove explicit board membership.
- If full account deactivation is needed, use SCIM PATCH /Users/{userId} with {"active":false} via Atlassian Guard.
Watch out for: Removing a member from the workspace does not automatically remove them from individual boards they were added to directly; board-level removal must be done separately.
Why building this yourself is a trap
The most consequential caveat is deactivation scope: SCIM deprovision deactivates the user's entire Atlassian account across all products, not just Trello. Any automation pipeline that triggers SCIM offboarding must account for downstream impact on Jira, Confluence, and any other Atlassian tools the user holds.
The OAuth 1.0 requirement is a consistent integration friction point. Most modern auth libraries default to OAuth 2.0, and OAuth 1.0 support must be explicitly selected or implemented. Token expiry is set at generation time and cannot be changed after the fact, so long-lived server tokens require deliberate expiry planning upfront.
Workspace IDs can be referenced by numeric ID or slug, but slugs are mutable-any automation relying on slug-based references can break silently if a workspace is renamed. The Observer role returns an error if set on boards in sub-Enterprise plans, so role-assignment logic must branch on plan tier to avoid runtime failures.
Automate Atlassian Trello workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
