Using Asana API without client library?

I am a beginner trying to figure out how this API and oAuth works, and it seems like every tutorial / reference I find whether on this API or ANY API assumes a level of knowledge that I can’t fathom because I can’t find information/reference to get me started. I thought I would try to use the Asana API to pull a list of my projects on a page on my wordpress website. Is there a way to do it without the client library? Just a simple php/curl based request?

I tried to use the library first, but don’t know how to install/implement because they mention something about composer, and environment variables that I don’t know how to set, etc… see what I mean by there being no beginner info that I can find?

Here’s what I’ve done:

  1. Create a Wordpress page called Asana Auth on the website, url: MYDOMAIN/asana-auth/
  2. Create an app in Asana with a client ID, secret, redirect url (MYDOMAIN/asana-projects/
  3. On the Asana Auth page, I created a button that when clicked will send the auth information to the Asana authentication uri. My button code:

<a class="custom-button" href="" title="Auth">Authenticate</a>

I click that button, and I can see a successful response in the url with my code included as a parameter. I grab the code using $_GET, and try to exchange it for a token using the following:

            $client_id = 'MY_ID';
            $client_secret = 'MY_SECRET';
            $redirect_uri = 'https%3A%2F%2FMY_DOMAIN%2Fasana-projects%2F&drickstate';
            $access_code = $_GET['code'];
            $token_uri = '';
            $post_fields = array(
                'grant_type' => 'authorization_code',
                'client_id' => $client_id,
                'client_secret' => $client_secret,
                'redirect_uri' => $redirect_uri,
                'code' => $access_code
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $token_uri);
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);

            // receive server response ...
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

            $server_output = curl_exec ($ch);

            curl_close ($ch);
            // further processing ....
            if ($server_output == "OK") {
                return $server_output;
            } else {
                echo 'something went wrong';

It’s saying something went wrong of course, and I’m sure it’s because I don’t have enough information to properly setup the token exchange. I am basing my post request on the Asana API Authentication page. Can someone please either explain if this is possible without the client library, or point me to some reference / tutorials / guides that can get me started? I’ve built dozens of sites with PHP and wordpress, but this is a whole new ballgame and I’m INSANELY frustrated that I can’t find a find beginner references.

I very much appreciate anyone’s helpful response.

I think you don’t need the official PHP library and it looks like you are almost there… Do you have a specific error?

Maybe @Diakoptis has an idea… :thinking:

This being said, why not using the client library?

Thank you for the reply! It’s nice to know that I’m closer than I thought. I looked up how to get errors, and followed the guide here: PHP: curl_error - Manual. My code added before curl_close($ch):

if(curl_exec($ch) === false)
       echo 'Curl error: ' . curl_error($ch);
} else {
       echo 'Operation completed without any errors';

This returns ‘Operation completed without any errors’. However, if I add it to my “further processing…” code:

// further processing ....
            if ($server_output == "OK") {
                return $server_output;
            } else {
                echo 'Curl error: ' . curl_error($ch);

This returns 'Curl error: ’ then nothing. I don’t know if I’m not doing error handling correctly, but it seems like there’s no specific error I can see.

As to your question about using the client library, I’m not strictly against it - there were just no clear (beginner) instructions on how to install/implement. It says to run composer - run where? SSH to my server? Do I copy the files into a directory for the website first? So that was the first hurdle :stuck_out_tongue: Beyond that, when I compare my curl code to the examples in the library, my method looks WAY simpler.

Of course, once I get the connection working I’ll be back at square one in learning how to actually get the data, but I figure small steps :slight_smile: Again, appreciate the reply!

Hey @Dan_Rickman,

your code and fields seems correct. Could you please share the response with the error message?

Progress! I did a var_dump of the $server_output and received the following:

“{ “error”: “invalid_grant”, “error_uri”: “ASANA AUTH DOC LINK WAS HERE”, “error_description”: “The redirect_uri provided did not match what is authorized by the code.” }”

I double checked the redirect uri in the developer app, auth button, and my code on the projects page, and they all match, with the exception of the ‘state’ parameter. Here they all are (with domain removed, because as a new user I can only post two links - but they all start with https):

Developer App settings redirect_uri: DOMAIN/asana-projects/
Auth Button uri: DOMAIN/asana-projects%2F&state=drickstate
Projects page uri: DOMAIN/asana-projects%2F&state=drickstate

But after I changed the projects page variable to just the uri without the state parameter, it worked and gave me a token! It broke the rest of the Wordpress page (ie footer won’t load, wordpress admin bar won’t load, etc…) but that’s at least something! So when they say the redirect_uri needs to match, it needs to match what you have in the app developer settings, or in the auth request, or both?

Now that I have an object with the access token, is there any documentation on actually making calls to the API (and how to get the token out of the object into a php variable). I assume you would make another curl request to the API but this time with the token?

Thank you again!! I’m excited to see this progress.

Oh, and the reason the result broke my page is because I returned the $server_output instead of echoing it.

Yeap. Now you can use the api and the token to get any data you want :slight_smile: