SCIM API access in Postman

So I have gone through all the instructions here OAuth using the node-oauth endpoint to run the endpoint locally and call the Asana app to get the access token. The .js seems to work fine if I have my app distributed in Any Workspace. If I try to distribute it to just one workspace that I belong to, then I get an "invalid client" error in the authorization endpoint. If I set it to Any Workspace, then I get the token back in the response (valid for 1 hour). So this is the example response I get in the server:

***** Response from the token exchange request:

{
  access_token: 'ey*w',
  token_type: 'bearer',
  expires_in: 3600,
  data: {
    id: 1201345339049167,
    gid: '1201345339049167',
    name: 'John Paraskevopoulos',
    email: 'jparaske@greenpeace.org'
  },
  refresh_token: '2/120
167/12067

}

I then use that token as bearer in Postman to do a GET request such as:
https://app.asana.com/api/1.0/scim/Users?filter=userName eq "jparaske@greenpeace.org"

and the error I get is:
{
  "errors": [
    {
      "message": "One of the following OAuth scopes must be present to use this endpoint: admin.scim.users:read, scim",
      "help": "For more information on API status codes and how to handle them, read the docs on errors: Errors"
    }
  ]
}

I do not get a "Not Authorised" error, which means my token is not a SCIM one, but still there seems to be an issue with permissions. Could this be related to Distribution? Has anyone else had similar issues, or can anyone provide insight?

Thanks
John

Hello @John_Paraskevopoulos ,

Thanks for the question. SCIM API endpoints are not available through OAuth. They can only be accessed through what we call a service account (API token). Service accounts (along with the SCIM feature) are only available to Asana Enterprise and Enterprise+ customers right now. Only an Asana super admin has permission to create these tokens in the admin console.

If you are creating a service account, you can now restrict the token's access to SCIM API endpoints using scope permissions. More here.

Hope this helps!
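
The lookup from the question, rebuilt for a service account token as the reply describes, with the filter escaped and percent-encoded and the scope error turned into a diagnosis. This is an added example, not code from the thread or from Asana; the environment variable `ASANA_SERVICE_TOKEN`, the function names and the sample address are hypothetical, and it assumes the service account token is sent as a bearer token the same way the OAuth token was.

```javascript
// Added example (not Asana's code). Assumes Node 18+ for the global fetch and
// a service account token in the hypothetical env var ASANA_SERVICE_TOKEN.
const SCIM_USERS = "https://app.asana.com/api/1.0/scim/Users";

// SCIM filter values are double-quoted strings: escape backslashes and quotes
// so a value can never terminate the literal and alter the filter.
function scimEq(attribute, value) {
  const escaped = String(value).replace(/\\/g, "\\\\").replace(/"/g, '\\"');
  return `${attribute} eq "${escaped}"`;
}

// Build the same GET request the question sends from Postman, with the filter
// percent-encoded (space -> %20, quote -> %22, @ -> %40).
function buildUserLookup(email, token) {
  return {
    url: `${SCIM_USERS}?filter=${encodeURIComponent(scimEq("userName", email))}`,
    options: {
      method: "GET",
      headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
    },
  };
}

// Turn a response into a diagnosis. The scope error is matched on the message
// text shown in the question; the scopes it lists are returned to the caller.
function diagnose(status, body) {
  const messages = ((body && body.errors) || []).map((e) => String(e.message || ""));
  const scopeMsg = messages.find((m) => m.includes("OAuth scopes must be present"));
  if (scopeMsg) {
    const required = scopeMsg.slice(scopeMsg.indexOf(": ") + 2).split(",").map((s) => s.trim());
    return { ok: false, reason: "missing_scope", required };
  }
  if (status === 401) return { ok: false, reason: "token_rejected", required: [] };
  if (status < 200 || status > 299) return { ok: false, reason: `http_${status}`, required: [] };
  return { ok: true, reason: "ok", users: (body && body.Resources) || [] };
}

// Network call; nothing is sent until this function is invoked.
async function lookupUser(email, token = process.env.ASANA_SERVICE_TOKEN) {
  if (!token) throw new Error("ASANA_SERVICE_TOKEN is not set");
  const { url, options } = buildUserLookup(email, token);
  const res = await fetch(url, options);
  return diagnose(res.status, await res.json().catch(() => ({})));
}
```

Keeping the token in an environment variable rather than in a saved Postman collection or a script keeps it out of exported files and version control.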
