I'm using cURL to send requests to the Trello API.
When I send a GET request to get a card's e-mail address (which is used to send comments to a card), the API returns null.
I've searched and found that this is usually because the required permission is missing from the token. I have all permissions on the token: read,write,account.
The card in question is inside a board on my profile, so I should be able to do this using my own key and token.
If I open the card's normal URL with json (https://trello.com/c/[short-URL]/card-title.json), then the e-mail address is there.
Is there something I'm missing?
I got an official response from Trello Support, which explains the cause:
For security reasons, we don't display the card or board email addresses via the API. Having the email-to-board or card email address technically provides write access to the account, even if the token expires, and so we don't expose that information via the API. Although you're a member of that board, there are situations where another person or app could have access to your token, so we don't make that available via the API as a rule.