I found Get Current User Boards API which returns all boards current user has access to. I can then loop through to find the board I need and start adding/updating cards.
Card widget JSON does have tags field. Is there any way to add tags via API?
Are there any examples of end-to-end similar functionality (including authentication)?
Your flow seems to be the right one. This is one way to do it:
Use Get Authorization that will return the team id for the given access_token
Use the team id in the Get Current User Boards API to retrieve the list of board ids of this user (the one linked to the access_token)
Use the Board Content APIs to do what you want to do on the board (create/delete/update widgets)
I don’t think we have a code sample for this exactly, you can take a look at this example showing how to implement the OAuth2 flow.
If I had to summarise it:
For the OAuth 2.0 flow:
Step 0 - Create a Dev Team and an Application
Step 1 - Create the authorization link and send it to the user
Step 2 - Get the verification code (as a query parameter)
Step 3 - Use the verification to obtain an access token
Step 4 - Make an API call musing the access token
Practically:
You need to add an authorization serverto which you will redirect your users. This will be the server to which the user will be redirected to when authorizing the access. In the example here I use localhost:3000, you will need to set that up into your profile in the Redirect URI field.
Prepare the URL by updating the redirect_uri and your client id (replace the XXX) (that you get in your profile)
If you open this link into a browser you will have the popup to authorize your app (this is what you should give to your users into your app). If you authorize it, it will redirect you to the redirect_uri (localhost in the example). If you try with localhost without having a server running you will get an error but if you take a look at the URL you will see a new query parameter "code". You need to save that code to exchange it for an access token. Please note that this code has a time to live of 10min and can be used only one time.
Replace the code from the response this new URL to prepare the API Call. Replace as well the client id and the client_secret with yours and call this API using a POST method (replace YYY, XXX and Z).