Questions on PAT for user account/System Account

Murali_Siddappa_Badi · January 18, 2023, 10:25pm

Hey Team,

I have a use case and some questions on the same, can someone please look into this?

Use Case:

I have a script that will run automatically once in a day and fetches some data from Asana using APIs and stores the data in one of our database.

Questions:

Whose PAT should I use for the API calls? of course I can use anybody’s PAT that has access to the resources I am querying but the PAT will expire once the user leaves our company. Is there a way to create a system Account/Service Account in Asana and use its PAT to make API calls? I know that Super Admins can create a Service Account, but can we create a PAT for this Service Account?
Another concern with using Service Account is that the Service account will have permission to everything in the organization, Is there a way to restrict access to Service Accounts?
If a super admin leaves the company, what happens to the Service Account created by them?

Thanks,
Murali B.

lpb · January 19, 2023, 4:17am

@Murali_Siddappa_Badi,

Service Accounts are an Enterprise plan-only feature:

You may want to create a regular member account solely for this purpose (and pay one extra seat) and give it only the access you desire and create your PAT there. That “user” will never leave your company. Just share the credentials as needed.
You can’t alter a Service Account’s permissions which is why I suggest the above approach.
Service Accounts (you can have multiple ones) are created and managed by any/all super admins in your org (you can have multiple super admins). Their coming and going won’t affect the Service Accounts in existence.

Hope that helps,

Larry

Murali_Siddappa_Badi · January 19, 2023, 4:21am

Thanks for the response @lpb. I have a follow up questions

You may want to create a regular member account solely for this purpose (and pay one extra seat) and give it only the access you desire and create your PAT there. That “user” will never leave your company. Just share the credentials as needed.

How do I create this member account? any link to documentation?
Who manages this account?
Also, what will be the credentials for this account?

Thank you,
Murali B.

lpb · January 19, 2023, 4:29am

@Murali_Siddappa_Badi,

This is no different than any other new user to Asana at your organization. Create this user just as you did all others. Make sure they are somename@yourorganization.com so they will be a member. You decide who manages this login and among who you share the password.

Bastien_Siebman · January 19, 2023, 5:42am

Note that in some cases a guest might be enough if added to the appropriate objects.

Murali_Siddappa_Badi · January 19, 2023, 8:06pm

Thank you @Bastien_Siebman , @lpb.

Also, if I want to submit a feature request for asana how would I do it?

It would be really nice if Asana would integrate with some secret store eg: SecretsManager to store PATs where rotation or resetting of PAT is automated.

I want to submit the above as a feature request.

lpb · January 19, 2023, 11:54pm

@Murali_Siddappa_Badi,

To submit a feature request, usually you would post in #forum-en:product-feedback so I’d recommend that. One request per topic.

Larry

Murali_Siddappa_Badi · January 20, 2023, 12:56am

Thank you!