Re-adding Pinboard to IFTTT

Written March 29, 2016


Use the Maker channel as your Action, and make requests directly to the Pinboard API.

The format is

Your token is on the Pinboard Settings->Password page, and you should probably use the Ingredients from the Trigger to fill in the URL and Description parameters.

Other useful parameters:

The backstory

If you’re reading this post, you probably received the same passive aggressive email from IFTTT mentioning that the Pinboard channel would stop working in a week. I’ve copied the body of the email below, for posterity:

Hi harbichidian,

We’re working on a new IFTTT platform for developers that makes building Channels and Recipes a breeze.

Recently, we’ve worked with our partners to migrate to the improved platform, but some have chosen not to do so. Unfortunately, the Pinboard Channel did not migrate to the new platform and will be removed on April 4th.

Pinboard is one of our favorite services and we’re all sad to see it go. We hope down the road it may be back.

Stay tuned to the latest Channels launching on IFTTT!

— The IFTTT Team

If you’re still reading this post, you probably also read the Pinboard developer’s response, which explains some of their reasons for choosing to disagree with IFTTT’s new terms of service. In short, IFTTT is allegedly:

There is more, but these two demonstrate that IFTTT has clearly stopped focusing on creating connections between useful systems and started focusing on becoming a “useful system” in their own right. At a practical level, this almost certainly means they’re putting the last few bricks into a paywall.

For many of us, including myself, seven days is simply not long enough to evaluate the market and find a good replacement for a core service like Pinboard or IFTTT. We need more time…

The Three Virtues

Unfortunately for IFTTT, many of their users are programmers. Lazy programmers. We don’t use IFTTT for some mission critical widget, we use it to automate boring things. Even worse, Pinboard is a “no-nonsense bookmarking site for people who value privacy and speed”. Like programmers. So IFTTT has chosen to irritate the tiniest sliver of the Venn diagram that will actually do something about it.

Larry Wall once said that there are three great virtues of a programmer: Laziness, impatience, and hubris. That is, programmers will expend a great deal of energy to avoid work, get things done faster, and ultimately look good among their peers.

This blog post is the virtual embodiment of all three. IFTTT has broken my button automater, neither of the two parties seem to be likely to compromise, and I want to show off some sparkly tail feathers…

How to un-break your recipes

IFTTT has another channel called “Maker”. As far as I can tell, it’s sort of a “last resort” option that IFTTT has put together for all of the services that don’t yet have a customized channel, but it might actually be managed by Hackster. Not sure on that one.

The great thing about Maker is that its Action is a completely wide open web request. You can make pretty much any simple web request that you would want: GET, POST, PUT, DELETE, JSON body, plain text body, form-encoded body, all kinds of neat things. I’ve used it for feeding raw data into, triggering a process that archives a git repository to Dropbox, and as a really ugly keepalive hack. (This one can be set up wrong very easily, so be careful. And maybe don’t tell your sysadmin. And lock your door. And transfer to another building. And figure out how to log in without a mouse. Or a monitor.)

The great thing about Pinboard is that it has a really easy API: Endpoints are clear and obviously named, all the data can be included as simple URL parameters, and you don’t have to learn all that OAuth stuff that you’ve been putting off way too long and really could you just learn it and be done before something actually serious happens and you regret having to skim the first three results of “oauth in five minutes” before accidentally pidgeonholing yourself into a commitment that you’ll have to sweat about for months until management forgets what they asked you in the first place. Or, you know… Something like that.

So now we put the two of them together and we avoid this whole “IFTTT and Pinboard aren’t speaking to each other” problem for another few weeks, until one of them decides to drop a revenge bomb on the other using the innocent users as collateral.

This got way off track.

Step 1: Get your Pinboard token

Go to “” and copy your API token. You’ll need this for the URLs you create in the Maker channel.

Step 2: Find all of your IFTTT recipes that use Pinboard

The easiest way to do this is from IFTTT’s channel page for Pinboard. You can click the “# Personal Recipes” link to see all of your recipes that use Pinboard as the Trigger or the Action.

Or you can just go to “”.

Step 3: Make replacement recipes

For each of those Pinboard recipes, make another with the same Trigger, but this time use the Maker channel as your Action. In the URL field, put and paste in your Pinboard token.

This endpoint requires two more parameters: url and description. You can add more parameters after the auth_token by using &the_parameter_name=whatever_value, and you will probably want to use the IFTTT Ingredients to fill in the values of the parameters, so stick those on the end of what you have in the URL.

You can add some more parameters to control the bookmark, as well:

Step 4: Remove all the old Pinboard recipes

You could leave them up until the 4th, but they’re just duplicating the work.

Step 5: Do not ever make these Maker recipes public

The URL includes your Pinboard token. If you make any of these Maker recipes public on IFTTT, other users can see your token.

You should probably also keep an eye out for any “helpful” changes to IFTTT that offer to find similar users or make you more visible. It is entirely possible that they will accidentally leak your token.

Step 6: Ask @Pinboard for the ability to create multiple tokens

It would be helpful if you could create multiple tokens for your Pinboard account. That way you only have to revoke and replace a single compromised token, rather than having to dig around and remember all the places you might have put it.

You might even send @Pinboard a tweet. Something like “Hey @Pinboard, any plans for the ability to create and label multiple API tokens? I’d like to revoke only one if it ever gets misused.”