So, I already suspect the answer is no, but I need to make sure…
If I create a comment on a task through the createStoryForTask endpoint, can I spoof it so that the comment was created from someone on our team?
Like, if Bob Smith leaves a comment in another system, and my API needs to recreate that comment in Asana (in Bob’s name), can the API create a comment on a Task from Bob Smith? Or, does it have to be in whatever Service Account name the API is using to authenticate?
I think in your case, you could probably get away with using Personal Access Tokens (PAT) and not have to deal with OAuth.
You would do exactly as you say - you’d have each of your team members create a Personal Access Token and supply it to you. You’d store those in some table or data store where each record represents a team member and contains their PAT.
Then when the time comes to record a comment, you’ll grab the appropriate user’s PAT - Bob Smith’s in your example - and use it as the authentication token for the createStoryForTask call.
Just remember that from Asana’s viewpoint, you are modifying a task in Bob Smith’s Asana instance, so make sure that Bob has access (Comment-only or greater) to the task you’re adding the comment to.
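The per-user token lookup described in the reply above, sketched as an added example (not code from the thread or from Asana). `PatStore`, `build_comment_request`, the author id and the token value are hypothetical; the lookup fails closed rather than posting under a different identity when an author has no stored PAT.

```python
import json
import urllib.request

ASANA_API = "https://app.asana.com/api/1.0"

class NoTokenForAuthor(Exception):
    """Raised instead of silently falling back to another identity."""

class PatStore:
    """Hypothetical per-user token store keyed by the source system's user id.
    PATs are credentials: back this with a secrets manager, not a plain table."""
    def __init__(self, tokens):
        self._tokens = dict(tokens)

    def token_for(self, author_id):
        try:
            return self._tokens[author_id]
        except KeyError:
            raise NoTokenForAuthor(author_id) from None

    def __repr__(self):
        # Keep token values out of logs and tracebacks.
        return f"PatStore({len(self._tokens)} users)"

def build_comment_request(store, author_id, task_gid, text):
    """Build (not send) the createStoryForTask call, authenticated as the author."""
    if not task_gid.isdigit():
        # Asana gids are numeric strings; reject anything that could alter the path.
        raise ValueError("task gid must be numeric")
    pat = store.token_for(author_id)
    body = json.dumps({"data": {"text": text}}).encode()
    return urllib.request.Request(
        f"{ASANA_API}/tasks/{task_gid}/stories",
        data=body,
        method="POST",
        headers={"Authorization": f"Bearer {pat}",
                 "Content-Type": "application/json"},
    )

def send(req):
    """Send the request; it only succeeds if the author can comment on the task."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample data: the token is a placeholder, not a real PAT.
STORE = PatStore({"bob.smith": "PLACEHOLDER_PAT_BOB"})
```
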