How access tokens work?

stroos · May 2, 2024, 7:08pm

So im currently working an app with asana, and im asking the user to get his access token from here “https://app.asana.com/0/my-apps” then “Personal access tokens”, so can i use that token indefintly or? + i would like an example of how to use the attachments to put an image on a task thanls

Stephen_Li · May 2, 2024, 7:58pm

@stroos - welcome to the forum! What is the scope of the app you’re building? You can use the personal access tokens if your scope is very narrow and you don’t need multiple users using the app. If you’re building this for your whole org or beyond, you probably want to use OAuth (or at least a service account token, if you are in an enterprise org). See the documentation for more on all of this.

To answer your specific question, the access tokens are persistent unless refreshed (at least as far as I know), but if you are building an app and making calls with his his individual token, all of the changes the app makes will show as being authored by him. EDIT: see Phil’s response below for clarification/correction.

Phil_Seeman · May 2, 2024, 9:09pm

Right - to confirm, Personal Access Tokens are valid forever unless revoked. OAuth tokens need to be refreshed once per hour.

Just to clarify, this is true regardless of whether one uses a Personal Access Token or OAuth - in both cases, whatever Asana account is authorized will be recorded as the author of all changes made by the app. (It’s still true for an Enterprise service account but at least there, it won’t show up like a person made all of the changes.)

stroos · May 4, 2024, 1:01pm

Thanks for taking the time fitrst to help me, so what im doing is a discord bot (private), so users can use a command to input their access token and it will be saved in a database (MongoDB) after that there is command like create task and the command just create the task for the user with his token.
So this access token should be used forever right?
Also my second question is that how to use the attachments endpoint to put an image on a task, bacause i can’t find a really detailed example. thanks

stroos · May 4, 2024, 1:32pm

im trying to upload a url image actually like this “https://cdn.discordapp.com/attachments/1134258271008604332/1236304948527108179/Asana-social-_avatar.png?ex=66378635&is=663634b5&hm=e7f28629e279f6d966c34dc3f2d83bd6cf3eb865a4c34658081ea6f13f2443df&”

stroos · May 4, 2024, 6:16pm

for the attachment thing when i im using an image url it shows like this?

Topic		Replies	Views
Best practices for using personal access token when developing application Developers & API	2	242	April 24, 2024
OAuth? Personal Access Token? API Key? How to get connected to Asana through our API Developers & API platform , api , authentication	7	17617	May 6, 2022
Organisation level API Developers & API	3	1939	November 18, 2018
Enabling Personal Access Tokens? Developers & API authentication	1	2879	January 23, 2019
To check my created application for different User Developers & API	3	909	January 20, 2021

How access tokens work?

Related topics