This changelog is the source of truth for all changes to the Trello developer platform.
Trello is enhancing the card detail viewing and editing experience by introducing several key updates:
New panel view for comments + activity: Card comments + activity will now be displayed side-by-side with card details and offering users the option to collapse the comments and activity panel for a more focused view.
Powerup and Automation Card Buttons in Popover Menu: Card buttons created from Trello power-ups / integrations or automations will now be surfaced in a popover menu. This menu can be accessed from the new card navigation bar, providing a cleaner and more organized interface.
Impact on Power-Ups: While the API remains unchanged, the redesign may affect third-party power-ups and integrations. Developers are encouraged to review their power-ups to ensure compatibility with the new card back design.
This initial announcement aims to inform partners about the changes coming to customers this month (May 2025).
More details about the changes to the card back can be found here: https://support.atlassian.com/trello/docs/new-card-back/
We will be replacing Trello’s current authorization mechanism with OAuth 2.0 (3LO) (also known as “three-legged OAuth” or “authorization code grants”). This change will also introduce new scopes, resource restrictions, and token expiry for greater security.
Read more on our developer community page - RFC-89: Introducing OAuth2 to Trello!
The markdown parser for global power-ups directory has been updated. These changes are also reflected in the Trello card editor. We recommend reviewing your Power-Up listings to ensure your markdown displays as expected. If you need to make adjustments, check out how to format text in Trello.
This endpoint will be deprecated in 6months per our developer communications guidelines (August 18, 2025). For any third-party scripts that rely on this endpoint, use the PUT labels/:id endpoint instead (documentation here).
This endpoint is not referenced in our API documents or guides.
Support for establishing a websocket connection via appkey+token pairs supplied via query arguments will end on November 15, 2024.
While this continues to be undocumented and unsupported, you may make Websocket connections to Trello, however you will need to switch to providing an OAuth Authorization header for authentication.
Note that this isn’t possible in the browser sandbox environment, as the WebSocket API does not have an option to provide custom HTTP headers.
You will need to do this from a privileged context, like an app or possibly a browser add-on in the Trello session context.
We're announcing new IP ranges that will soon be available for requests from external clients, such as browsers and API integrations:
13.35.248.0/24
13.227.180.0/24
13.227.213.0/24
These ranges won't be used to make outgoing connections from Atlassian Cloud to remote systems, for example, webhooks.
To prepare for this change, update your firewalls and other security measures to allow connections to the new IP ranges.
For more information, see IP addresses and domains for Atlassian Cloud products, which includes instructions on how to receive notifications of changes, as well as links to machine-readable lists of our IP ranges.
Up until now, a card’s idShort field value would be restored to its previous value when the card is moved to a board it has previously been on.
Starting Aug 1, 2024 this will no longer be the case. idShort will always receive a new sequence ID on the destination board. This will have no impact on existing idShort values, or on idShort values on cards moved within a single board.
Ensure your app does not store references to idShort values persistently - they may be invalidated due to moves across boards.
In general, we advise against usage of idShort in favor of using the card’s id since idShort values might get invalidated.
As of July 17, 2024, you no longer need to contact Trello to change your public Power-Up Iframe Connector Url domain. You can self-serve this change by going to trello.com/power-ups/admin, selecting your Power-Up, and updating the Iframe connector URL field in Basic information.
While disabling power-up, you can now select Keep all Power-Up data to opt-in to retain the plugin data stored on the board and cards.
Previously, the Disable Power-up dialog defaulted to keeping the users data. Due to security and privacy concerns, we are now changing this functionality. Data will be deleted from active cards on the board immediately, whereas data on archived cards will be deleted asynchronously.
Make sure that your Power-Up collaborators information is up to date. You can modify collaborators on the Power-Ups admin panel under the ‘Collaborators’ tab.
Going forward, when Atlassian receives communication regarding your public Power-Up, we will create a Jira issue and add every collaborator that is associated with your Power-Up. This will include Workspace admins as well as Workspace members that you added manually. Remember, you and your collaborators already have Atlassian Accounts by virtue of being Trello users.
We want to open up a more reliable method of communication between our security team and Power-Up developers. Currently, we only ask for an email for our contact information, and a Support Contact email/link when the Power-Up is made public. This has created many inefficiencies when it comes to reaching out to developers, specifically regarding security tickets.
Since these emails aren’t necessarily tied to an Atlassian Account, there may not even be a person behind a Power-Up . We can’t reliably tag developers in our Jira tickets, so we don’t have a way to track progress outside of an email chain, and many of our attempts to contact a support email go unanswered.
In effect, we’re asking public Power-Ups to have associated Atlassian Account/s, which will make our third-party security processes faster and more secure.
Thanks for all your efforts making Trello awesome, and thanks in advance for your cooperation!
EDIT, 22 May 2024 : This new field has been deprecated since the announcement of our new contact process for Power-Up developers.
We have now added a new fieldatlassianEmail in Power-Ups to store Atlassian account information
We will soon be asking public Power-Ups to include an email linked to an Atlassian Account. This will assist our support and internal developer teams in managing Power-Up vulnerabilities, and handling communications.
For more information, see https://developer.atlassian.com/cloud/trello/guides/power-ups/submitting-your-power-up/#prepare-for-launch
This information will only be required if you want to make your Power-Up public, just like our fields Support Email and Privacy Policy. It will not be shown on your public Power-Up listing.
Rollout completed March 12th 2024
Trello’s API will no longer permit supplying a body with a GET request. Previous behavior in our API ignored the payloads provided with GET requests but these requests will now be blocked with a 403 response from our content delivery network.
To resolve issues resulting from this change ensure all GET requests to Trello’s API are sent without a payload.
Supplying a body in a GET request will result in a response with the following format:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: 4ogSZBSsiLGbtsvYqOrUuLBZtQh5mksfsLsYd2kfPezq6jSgOIuX0A==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>Trello has introduced a /w/ and /u/ route prefix for workspace and member routes. This change has already been rolled out, with API responses for workspaces (or “organizations” in the API) and members returning the prefixed url values.
Trello will cease support for the legacy format by Aug 8, 2024 and as such all integrations storing URLs must update to the new format by that date.
Examples
Legacy workspace URL: https://trello.com/trelloinc
New workspace URL: https://trello.com/w/trelloinc
Legacy member URL: https://trello.com/taco
New member URL: https://trello.com/u/taco
In addition to the action and the model fields, webhook event responses now contain the webhook field, which contains the webhook model itself. The webhook model fields are id, active, callbackURL, description, idModel, consecutiveFailures, firstConsecutiveFailDate.
See our webhook documentation for full details on webhook event responses.
For apps using legacy app keys (app keys created via trello.com/app-key) you can now specify the app author by passing the author query parameter in your OAuth request URL or by setting the appAuthor config option when calling either TrelloPowerUp.initialize or TrelloPowerUp.iframe, depending on your workflow.
Please update each and every one of your apps using Trello OAuth with legacy app keys to include your app’s author name, otherwise you risk your app falling out of compliance and potentially getting it delisted from Trello.
For more info please refer to the documentation of the OAuth method you’re using:
- t.authorize()
- t.getRestApi().authorize()
Rate this page: