Using 'anonymous' PersonalToken when making API Call.


We have a custom-built CRM and we have decided to create tasks for certain users based on events. For development purposes, we have been using the personalToken. Now that we are ready to deploy, we are in a pinch.

  • We do not want to have the same staff member creating and being a collaborator of every task since we are using his PersonalToken.
  • The Tasks will be created in the background, i.e. whenever a user A (internal or external) performs a certain action, we want to create a Task assigned to user B to get in touch with user A about whatever action A performed. As I understand it, using OAuth in that instance will prompt the user to authenticate and I do not want that.
  • How does the ASANA Form create its tasks? We have created a custom form that we give to our users, they are not necessarily part of our ORG, how should I authenticate our form?

We are not Business customers, and the default ASANA Forms were too limited. How should we proceed, is there an “Impersonal Token” I’ve missed that would work like a Personal Token?
I realize now I’ve just asked for an API Key. :sweat_smile:

If I had a spare seat, I would create a “bot” user and get it to create all the tasks for us. Looking forward to hearing your suggestions.

I think there is something called a “service token” for this case, let me check.

Ouch, this is for Enterprise only: How to Create and Manage Service Accounts | Asana Product Guide
@Phil_Seeman any idea?

Not too many options here beyond your current PAT approach.

One is the “bot” user route, but it sounds like that one is not practical monetarily.

As Bastien says, service accounts are only available for Asana Enterprise, so that’s out.

That leaves OAuth. In terms of OAuth, each user would only have to authenticate once at the outset (and it would only take a user a few seconds to do it); you store their token from then on. You say you don’t want to use OAuth but is a one-time authorization per user unacceptable?

As I understand it, Asana Forms use a special type of service token that gives them access to all accounts when they create a task from a form submission. You’ll have to authenticate your form submissions using one of the above approaches.
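The one-time-authorization approach described in the reply above, sketched as an added example that is not part of the original posts: the refresh token captured at a staff member's single consent step is stored server-side, and background jobs exchange it for a short-lived access token before creating a task. `UserTokens`, `create_task`, the in-memory store and the injectable `post` transport are assumptions for illustration; in production the refresh tokens would be persisted encrypted at rest.

```python
import json, time, urllib.parse, urllib.request

TOKEN_URL = "https://app.asana.com/-/oauth_token"
TASKS_URL = "https://app.asana.com/api/1.0/tasks"

def http_post(url, body, headers):
    """Default transport: one HTTPS POST returning the parsed JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class UserTokens:
    """Per-user OAuth tokens obtained at the one-time consent step (hypothetical helper)."""
    def __init__(self, client_id, client_secret, post=http_post, now=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.now = post, now
        self.store = {}  # crm_user_id -> {"refresh", "access", "exp"}

    def enroll(self, user_id, refresh_token):
        # Called once, from the OAuth redirect handler, after the user consents.
        self.store[user_id] = {"refresh": refresh_token, "access": None, "exp": 0.0}

    def access_token(self, user_id):
        rec = self.store[user_id]  # KeyError means this user never authorized
        # Refresh silently when no access token is cached or it expires within 60 s.
        if rec["access"] is None or self.now() >= rec["exp"] - 60:
            form = urllib.parse.urlencode({
                "grant_type": "refresh_token",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "refresh_token": rec["refresh"],
            }).encode()
            out = self.post(TOKEN_URL, form,
                            {"Content-Type": "application/x-www-form-urlencoded"})
            rec["access"] = out["access_token"]
            rec["exp"] = self.now() + out.get("expires_in", 3600)
        return rec["access"]

def create_task(tokens, creator_id, name, assignee_gid, project_gid):
    """Create a task as `creator_id` from a background job, with no login prompt."""
    body = json.dumps({"data": {"name": name, "assignee": assignee_gid,
                                "projects": [project_gid]}}).encode()
    headers = {"Authorization": "Bearer " + tokens.access_token(creator_id),
               "Content-Type": "application/json"}
    return tokens.post(TASKS_URL, body, headers)
```

The website visitor who triggers the event never sees Asana; only the staff member whose identity creates the task goes through the consent screen, once.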

Thank you Phil,

The task would be following an action or a form filled in by some of our website users (they have to log in to our system first), I don’t want the users to be prompted to log in to Asana when they click on a link. They might even think it’s a virus popping up.

PAT it will have to be. Thanks for your time guys.

Join my crusade to make the service account available to the pleb! We could call it API Key!
