Overview
Helpful code snippets will show up in this column.
curl https://app.asana.com/api/1.0/users/me \
-H "Authorization: Bearer 0/a7f89e98g007e0s07da763a"
The Asana API is a RESTful interface, providing programmatic access to much of the data in the system. It provides predictable URLs for accessing resources, and uses built-in HTTP features to receive commands and return responses. This makes it easy to communicate with from a wide variety of environments, from command-line utilities to gadgets to the browser URL bar itself.
The API accepts JSON or form-encoded content in requests and returns JSON content in all of its responses, including errors. Only the UTF-8 character encoding is supported for both requests and responses.
Notes on Pagination
Pagination is an important concept when working with queries for multiple objects. Requests with large result sets may timeout or be truncated; therefore, pagination is strongly encouraged to ensure both you and your users have the best experience when using the Asana API.
Happy coding!
Object Hierarchy
Asana is a work tracking and collaboration tool. This guide is designed to give developers a brief overview of how Asana is structured. It’s not meant to be exhaustive and may be too basic for experienced Asana users. The intention is to describe the fundamental elements of Asana to help you scope apps and avoid common points of confusion.
How work is organized
Tasks
Tasks are the basic unit of action in Asana. Tasks have many fields including a single assignee, name, notes, followers (i.e. collaborators), likes, and comments (among others). Tasks inherit custom fields from their parent project(s). Custom fields values are set for each individual task.
In addition to standard Create / Read / Update / Delete operations, there are a few things to watch out for when working with tasks:
- Tasks can be orphaned and belong to no projects, they can belong to one project, or they can be multi-homed across two or more projects. The
memberships
field is a collection of the projects with which the task is associated. - Tasks can be multi-homed as subtasks. For example, task A can be in project B and the same task A can also be a subtask of task C.
Projects
A project is a collection of tasks that can be viewed as a list, board, timeline, and calendar. Projects can only exist in a single organization or workplace and only belong to a single team. Projects can be public in the team or private to project members. Among the many fields associated with projects, they can have global (shared across the organization) or local (project-specific) custom fields. A project’s custom fields will be displayed on each task within the project.
Portfolios
Portfolios are collections of projects (or other portfolios). Custom fields can be added to portfolios in addition to standard fields that are displayed on every portfolio. These fields provide a high-level overview of the status of each project within the portfolio.
Sections
A section is a group of tasks within a project. Sections let you divide tasks into categories, workflow stages, priorities, and more.
Subtasks
A subtask is exactly the same as tasks in a project except that one (and only one) of its parents is a task (although subtasks can also simultaneously be organized into projects). To check if a task has a subtask, include the num_subtasks
field when fetching the parent task.
Things to note when working with subtasks:
- Subtasks do not inherit the projects of their parent tasks.
- There can be up to 5 levels of subtasks below a task. We do not recommend making sub-subtasks.
- There is no way to fetch all subtasks of all tasks in a project in a single request.
How users are organized
Workspaces
A workspace is the highest-level organizational unit in Asana. All projects, tasks, and teams have an associated workspace.
Organizations
An organization is a special kind of workspace that represents a company. Organizations connect all the employees at a company using Asana in a single space based on the company’s shared email domain. In an organization, you can group your projects into teams.
Teams
Teams are a subset of users in an organization who collaborate on projects together. Every project in an organization is associated with one team. Team messages are not currently available in the API.
Users
A user object represents an account in Asana that can be given access to various workspaces, projects, and tasks. Asana accounts are free and tied to individuals; Asana accounts grant access to one or more shared Workspaces and Organizations to collaborate with other Asana users.
Guest Users
Users can invite clients, contractors, customers, or anyone else who does not have an email address at an approved Organization email domain. These users join as Organization Guests. Guests have limited access in an Organization -- they can only see what’s explicitly shared with them.
Note: it can be advantageous to use guests to create bot accounts. Due to the access restrictions, bots created from a guest account Personal Access Token can be given fine-grained access to only the data that it needs to use.
Authentication
Asana supports a few methods of authenticating with the API. Simple cases are usually handled with a Personal Access Token, while multi-user apps utilize oauth.
"Authorization: Bearer ACCESS_TOKEN"
- OAuth 2.0 We require that applications designed to access the Asana API on behalf of multiple users implement OAuth 2.0.
- Personal Access Token Personal Access Tokens are designed for accessing the API from the command line or from personal applications.
OAuth
Most of the time, OAuth is the preferred method of authentication for developers, users, and Asana as a platform. If you're new to OAuth, take a moment to learn about it here. It's not as scary as you might think!
In addition to learning about how to use OAuth on the Asana platform here, feel free to take a look at the official OAuth spec!
At its core, OAuth is a mechanism for applications to access the Asana API on behalf of a user without the application having access to the username and password. Instead, apps get a token which they can use with their own application credentials to make API calls.
What is OAuth?
If you're using a library to handle this or already understand OAuth and have registered an OAuth application, you may want to skip ahead to the quick reference.
If you have not already, you will need to register an application. Take note of the client ID, an application's username, and the client secret, an application's password (protect it like one)!
A user will arrive at your application and click a button that says "Connect with Asana."
This takes the customer to the User Authorization Endpoint, which displays a page asking the user if they would like to grant access to your third-party application.
If the customer clicks "Allow", they are redirected back to the application, bringing along a special code as a query parameter. (We are assuming the Authorization Code Grant flow, which is the most common.)
The application can now use the Token Exchange Endpoint to exchange the code, together with the Client Secret, for a Bearer Token (which lasts an hour) and a Refresh Token (which can be used to fetch new Bearer Tokens when the current one expires).
The application can make requests of the API using this Bearer Token for the next hour.
Once the Bearer Token expires, the application can again use the Token Exchange Endpoint to exchange the Refresh Token for a new Bearer Token. (This can be repeated for as long as the user has authorized the application.)
We definitely recommend using a library to take care of the nitty-gritty of OAuth, but hopefully this helps demystify the process somewhat.
Register an Application
You must first register your application with Asana to receive a client ID and client secret. Fortunately, this process is fast and easy: visit your Account Settings dialog, click the Apps tab, and "Add New Application".
You must supply your new application with:
- App Name - A name for your application. A user will see this name when your application requests permission to access their account as well as when they review the list of apps they have authorized.
- App URL - The URL where users can access your application or, in the case of native applications, this can be a link to setup or support instructions. Note that this URL must start with "http" or "https".
- Redirect URL - As described in the OAuth specification, this is where the user will be redirected upon successful
or failed authentications. Native or command line applications should use the special redirect URL
urn:ietf:wg:oauth:2.0:oob
. For security reasons, non-native applications must supply a "https" URL (more on this below). - Icon - Optionally, you can upload an icon to enhance the recognizability of the application when users are authenticating.
Note that all of these attributes can be changed later, so don't worry too much right away.
Once you have created an app, the details view will include a Client ID, needed to uniquely identify your app to the Asana API, as well as a Client Secret.
Note Your Client Secret is a secret, it should never be shared with anyone or checked into source code that others could gain access to.
Quick Reference
- Applications can be created from the "Apps" tab of your account settings, where you will find your Client ID and Client Secret.
- The endpoint for user authorization is
https://app.asana.com/-/oauth_authorize
- The endpoint for token exchange is
https://app.asana.com/-/oauth_token
- Asana supports the Authorization Code Grant flow.
- Once an access token has been obtained your application can make calls on behalf of the user
User Authorization Endpoint
Request
Send a user to oauth_authorize
<a href="https://app.asana.com/-/oauth_authorize
?client_id=753482910
&redirect_uri=https://my.app.com
&response_type=code
&state=thisIsARandomString
&code_challenge_method=S256
&code_challenge=671608a33392cee13585063953a86d396dffd15222d83ef958f43a2804ac7fb2
&scope=default">Authenticate with Asana</a>
Your app redirects the user to https://app.asana.com/-/oauth_authorize
, passing parameters along as a standard query string:
Parameter | Description | |
client_id | required The Client ID uniquely identifies the application making the request. | |
redirect_uri | required The URI to redirect to on success or error. This must match the Redirect URL specified in the application settings. | |
response_type | required Must be either code or id_token , or the space-delimited combination code id_token . | |
state | optional Encodes state of the app, which will be returned verbatim in the response and can be used to match the response up to a given request. | |
code_challenge_method | PKCE The hash method used to generate the challenge. Typically S256 . | |
code_challenge | PKCE The code challenge used for PKCE. | |
scope | optional A space-delimited set of one or more scopes to get the user's permission to access. Defaults to the default OAuth scope if no scopes are specified. |
Response
If either the client_id
or redirect_uri
do not match, the user will simply see a plain-text error. Otherwise,
all errors will be sent back to the redirect_uri
specified.
The user then sees a screen giving them the opportunity to accept or reject the request for authorization. In either
case, the user will be redirected back to the redirect_uri
.
User is redirected to the redirect_uri
https://my.app.com?code=325797325&state=thisIsARandomString
When using the response_type=code
, your app will receive the following parameters in the query string on successful authorization.
Parameter | Description | |
code | If response_type=code in the request, this is the code your app can exchange for a token | |
state | The state parameter that was sent with the authorizing request |
You should check that the state is the same in this response as it was in the request. You can read more about the state
parameter here.
OAuth Scopes
The Asana API supports a small set of OAuth scopes you can request using the
scope
parameter during the user authorization step of your authentication
flow. Multiple scopes can be requested at once as a space-delimited list of
scopes. An exhaustive list of the supported scopes is provided here:
Scope | Access provided | |
default | Provides access to all endpoints documented in our API reference. If no scopes are requested, this scope is assumed by default. | |
openid | Provides access to OpenID Connect ID tokens and the OpenID Connect user info endpoint. | |
Provides access to the user's email through the OpenID Connect user info endpoint. | ||
profile | Provides access to the user's name and profile photo through the OpenID Connect user info endpoint. |
Token Exchange Endpoint
Request
When your app receives a code from the authorization endpoint, it can now be exchanged for a proper token.
If you have a client_secret
, this request should be sent from your secure server.
The browser should never see your client_secret
.
App sends request to oauth_token
{
"grant_type": "authorization_code",
"client_id": "753482910",
"client_secret": "6572195638271537892521",
"redirect_uri": "https://my.app.com",
"code": "325797325",
"code_verifier": "fdsuiafhjbkewbfnmdxzvbuicxlhkvnemwavx"
}
Your app should make a POST
request to https://app.asana.com/-/oauth_token
,
passing the parameters as part of a standard form-encoded post body.
Parameter | Description | |
grant_type | required One of authorization_code or refresh_token . See below for more details. | |
client_id | required The Client ID uniquely identifies the application making the request. | |
client_secret | required The Client Secret belonging to the app, found in the details pane of the developer console. | |
redirect_uri | required Must match the redirect_uri specified in the original request. | |
code | required This is the code you are exchanging for an authorization token. | |
refresh_token | sometimes required If grant_type=refresh_token this is the refresh token you are using to be granted a new access token. | |
code_verifier | PKCE This is the string previously used to generate the code_challenge. |
The token exchange endpoint is used to exchange a code or refresh token for an access token.
Response
In the response, you will receive a JSON payload with the following parameters:
{
"access_token": "f6ds7fdsa69ags7ag9sd5a",
"expires_in": 3600,
"token_type": "bearer",
"refresh_token": "hjkl325hjkl4325hj4kl32fjds",
"data": {
"id": "4673218951",
"name": "Greg Sanchez",
"email": "gsanchez@example.com"
}
}
Parameter | Description | |
access_token | The token to use in future requests against the API | |
expires_in | The number of seconds the token is valid, typically 3600 (one hour) | |
token_type | The type of token, in our case, bearer | |
refresh_token | If exchanging a code, a long-lived token that can be used to get new access tokens when old ones expire. | |
data | A JSON object encoding a few key fields about the logged-in user, currently id , name , and email . |
Authorization Code Grant
To implement the Authorization Code Grant flow (the most typical flow for most applications), there are three steps:
Send the user to the authorization endpoint so that they can approve access of your app to their Asana account
Receive a redirect back from the authorization endpoint with a code embedded in the parameters
Exchange the code via the token exchange endpoint for a
**refresh_token**
and, for convenience, an initialaccess_token
.When the short-lived
access_token
expires, the**refresh_token**
can be used with the token exchange endpoint, without user intervention, to get a freshaccess_token
.
The token that you have at the end can be used to make calls to the Asana API on the user's behalf.
Proof Key for Code Exchange (PKCE) OAuth Extension
User Authorization Endpoint
{
...
"code_challenge": "671608a33392cee13585063953a86d396dffd15222d83ef958f43a2804ac7fb2",
"code_challenge_method": "S256"
}
Token Exchange Endpoint
{
...
"code_verifier": "fdsuiafhjbkewbfnmdxzvbuicxlhkvnemwavx"
}
PKCE proves the app that started the authorization flow is the same app that finishes the flow. You can read more about it here.
Here's what you need to know:
Whenever a user wants to oauth with Asana, your app server should generate a random string called the
code_verifier
. This string should be saved to the user (as everycode_verifier
should be unique per user). This should stay on the app server and only be sent to the Token Exchange Endpoint.Your app server will hash the
code_verifier
with SHA256 to get a string called thecode_challenge
. Your server will give the browser only thecode_challenge
&code_challenge_method
. Thecode_challenge_method
should be the string "S256" to tell Asana we hashed with SHA256. More specifically, code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))).The browser includes
code_challenge
&code_challenge_method
when redirecting to the User Authorization Endpoint.The app server should include the
code_verifier
in it's request to the Token Exchange Endpoint.
Asana confirms that hashing the code_verifier
with the code_challenge_method
results in the code_challenge
. This
proves to Asana the app that hit the User Authorization Endpoint is the same app that hit the Token Exchange
Endpoint.
Secure Redirect Endpoint
As the redirect from the authorization endpoint in either grant procedure contains a code that is secret between Asana's
authorization servers and your application, this response should not occur in plaintext over an unencrypted http
connection.
Because of this, we enforce the use of https
redirect endpoints for application registrations.
For non-production or personal use, you may wish to check out stunnel, which can act as a proxy to receive an encrypted connection, decrypt it, and forward it on to your application. For development work, you may wish to create a self-signed SSL/TLS certificate for use with your web server; for production work we recommend purchasing a certificate from a certificate authority. A short summary of the steps for each of these processes can be read here.
Your application will need to be configured to accept SSL/TLS connections for your redirect endpoint when users become authenticated, but for many apps, this will simply require a configuration update of your application server. Instructions for Apache and Nginx can be found on their respective websites, and most popular application servers will contain documentation on how to proceed.
Personal Access Token
Personal Access Tokens (PATs) are a useful mechanism for accessing the API in scenarios where OAuth would be considered overkill, such as access from the command line and personal scripts or applications. A user can create many, but not unlimited, personal access tokens. When creating a token you must give it a description to help you remember what you created the token for.
Personal Access Tokens should be used similarly to OAuth access tokens when accessing the API, passing them in the Authorization header.
Example cURL request authenticating with a PAT
curl https://app.asana.com/api/1.0/users/me \
-H "Authorization: Bearer ACCESS_TOKEN"
You can generate a Personal Access Token from the Asana developer console. See the Authentication Quick Start for detailed instructions on getting started with PATs.
You should regularly review the list of personal access tokens you have created and deauthorize those that you no longer need.
Remember to keep your tokens secret; treat them just like passwords! They act on your behalf when interacting with the API. Don't hardcode them into your programs. Instead, opt to use them as environment variables.
OpenID Connect
Asana also supports the OpenID Connect protocol for authenticating Asana users with your
applications. This means that, in addition to the normal code
and token
response types for the OAuth flow, you can
also use the id_token
response type.
For this response type, you are not granted an access token for the API, but
rather given a signed Json Web Token containing the user's ID along with some metadata. If you want
to allow users to log into your services using their Asana account, the OpenID Connect protocol is an ideal way to
authenticate an Asana user. To obtain an ID token, you must request the openid
scope during the authentication flow.
It is also possible to obtain an ID token alongside an authorization code in the authorization code grant
flow by using the (space-delimited) code id_token
response type. If you do, the redirect parameters will include
the ID token in addition to everything you would normally receive.
To access additional information about the user in a standardized format, we also expose a
user info endpoint that can provide the user's name,
email address, and profile photo. This data is available by making a GET
request to
https://app.asana.com/api/1.0/openid_connect/userinfo
with an OAuth access token that has the openid
scope.
Depending on the scopes tied to that token, you will receive different pieces of data. Refer to our
list of OAuth scopes to determine which additional scopes you need to get the data you want.
Metadata about our OpenID Connect implementation is also made available through OpenID Connect's
discovery protocol. Making an unauthenticated GET
request to https://app.asana.com/api/1.0/.well-known/openid-configuration
will provide all the details of our
implementation necessary for you to use OpenID Connect with Asana's API.
Errors
Missing authorization header
GET https://app.asana.com/api/1.0/users/me HTTP/1.1
HTTP/1.1 401 Not Authorized
{
"errors": [
{
"message": "Not Authorized"
}
]
}
Sadly, sometimes requests to the API are not successful. Failures can occur for a wide range of reasons. In all cases, the API should return an HTTP Status Code that indicates the nature of the failure (below), with a response body in JSON format containing additional information.
In the event of a server error the response body will contain an error phrase. These phrases are automatically generated using the node-asana-phrase library and can be used by Asana support to quickly look up the incident that caused the server error.
Bad request parameters
GET https://app.asana.com/api/1.0/tasks HTTP/1.1
Authorization: Bearer <personal_access_token>
HTTP/1.1 400 Bad Request
{
"errors": [
{
"message": "workspace: Missing input"
}
]
}
Asana had a problem
GET https://app.asana.com/api/1.0/users/me HTTP/1.1
Authorization: Bearer <personal_access_token>
HTTP/1.1 500 Server Error
{
"errors": [
{
"message": "Server Error",
"phrase": "6 sad squid snuggle softly"
}
]
}
Code | Meaning | Description | |
200 | Success | If data was requested, it will be available in the data field at the top level of the response body. | |
201 | Created (for object creation) | Its information is available in the data field at the top level of the response body. The API URL where the object can be retrieved is also returned in the Location header of the response. | |
400 | Bad Request | This usually occurs because of a missing or malformed parameter. Check the documentation and the syntax of your request and try again. | |
401 | Unauthorized | A valid authentication token was not provided with the request, so the API could not associate a user with the request. | |
402 | Payment Required | The request was valid, but the queried object or object mutation specified in the request is only available to premium organizations and workspaces. | |
403 | Forbidden | The authentication and request syntax was valid but the server is refusing to complete the request. This can happen if you try to read or write to objects or properties that the user does not have access to. | |
404 | Not Found | Either the request method and path supplied do not specify a known action in the API, or the object specified by the request does not exist. | |
429 | Too Many Requests | You have exceeded one of the enforced rate limits in the API. See the documentation on rate limiting for more information. | |
451 | Unavailable For Legal Reasons | This request was blocked for legal reasons, commonly caused by embargoed IP addresses. | |
500 | Internal Server Error | There was a problem on Asana's end. |
In the event of an error, the response body will contain an errors field at the top level. This contains an array of at least one error object, described below:
Example | Description | |
message | project: Missing input Message providing more detail about the error that occurred, if available. | |
phrase | 6 sad squid snuggle softly 500 errors only. A unique error phrase which can be used when contacting developer support to help identify the exact occurrence of the problem in Asana's logs. |
Rate Limits
To protect the stability of the API and keep it available to all users, Asana enforces multiple kinds of rate limiting. Requests that hit any of our rate limits will receive a 429 Too Many Requests
response, which contains the standard Retry-After
header indicating how many seconds the client should wait before retrying the request.
Limits are allocated per authorization token. Different tokens will have independent limits.
The client libraries respect the rate-limited responses and will wait the appropriate amount of time before automatically retrying the request, up to a configurable maximum number of retries.
Standard Rate Limits
Request
GET https://app.asana.com/api/1.0/users/me HTTP/1.1
Authorization: Bearer <personal_access_token>
Response
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 30
{
"errors": [
{
"message": "You've made too many requests and hit a rate limit. Please retry after the given amount of time."
}
]
}
Our standard rate limiter imposes a quota on how many requests can be made in a given window of time. Our limits are based on minute-long windows, and differ depending on whether the domain is premium or not. We may change these quotas or add new quotas (such as maximum requests per hour) in the future.
Domain type | Maximum requests per minute | |
Free | 150 | |
Premium | 1500 |
In addition, calls to the search API are limited to 60 requests per minute. The duplication endpoints are limited to 5 concurrent jobs.
Although the quota is defined per minute, it is evaluated more frequently than once per minute, so you may not need to wait for a full minute before retrying your request. For requests rejected by this limiter, the Retry-After
header has the result of this calculation.
Requests rejected by this limiter still count against the quotas so that ignoring the Retry-After
header will result in fewer and fewer requests being accepted during the subsequent tine windows.
Concurrent Request Limits
In addition to limiting the total number of requests in a given time window, we also limit the number of requests being handled at any given instant. We may change these limits or add new limits in the future.
Request type | Maximum concurrent requests | |
Reads GET | 50 | |
Writes POST, PUT, PATCH, DELETE | 15 |
For example, if you have 50 read requests in-flight and attempt to make another read request, the API will return a 429 Too Many Requests
error. The read and write limits are independent of each other, so the number of read requests you make at one time will have no impact on the number of write requests you can make.
Responses for requests rejected by this concurrent request limiter will contain a Retry-After
header specifying a duration long enough such that the other in-flight requests are guaranteed to have either completed or timed out.
Cost Limits
Objects in Asana are connected to each other in a graph. Some examples of links in this graph are:
- a task object is linked to a user object as the assignee
- a user is linked to the projects it's following
- a tag is linked to all its tasks
- a task is linked to all its subtasks
- a task is linked to all its custom field values
Depending on the kind of requests you make to our API, our servers have to traverse different parts of the graph. The sizes of these parts directly influence how expensive it is for our servers to build the API responses. For example, fetching just the name and gid
of a task requires very few resources and no traversal of the graph, but fetching all tasks in a project and all their attributes (assignee, followers, custom fields, likes) can require following several thousand links in the graph.
Because there can be a wide range in the cost of any given API request in terms of the computational resources and database load, the standard rate limits are not always enough to maintain stability of the API. In the past, when we’ve received bursts of expensive requests, our typical course of action has been to block the offending authorization token and reject all future requests, resulting in confusion for both the user and the app developer. Instead, to protect against the extreme cases where API requests require inordinate traversal of the graph, we impose an additional limit based on the computational cost.
The cost we associate with a request isn't equivalent to the number of links in the subset of the graph involved, but it is roughly proportional. The cost of a request is calculated after the response has been fully built and we know how much data we needed to fetch from our databases to build it. This cost is then deducted from a quota, and the response is returned. Because the cost of a request is not known until we’ve built the response, we allow this deduction to result in a net negative quota. The request that causes the quota to become negative will receive the expected response and not be rejected.
When a request is received, if the remaining quota is not positive, the new request is rejected with a 429 Too Many Requests
. As with the standard rate limits, this quota is defined per-minute but is updated on a more frequent interval. The Retry-After
header will specify how long you must wait for the quota to become positive again.
The vast majority of developers will be unaffected by the cost limit, and the quota is set sufficiently high that it only affects users making requests that would compromise the stability of the API. Rather than unconditionally blocking their token from the API, this cost limiter will permit them to continue operation at a slower but safe and stable rate.
Common issues & pathological cases to avoid
- Deeply nested subtasks (i.e. working sub-subtasks, sub-sub-subtasks, etc.)
- Projects with too many tasks (i.e projects with over 1,000 tasks)
- Too many unreadable tags in a workspace
- Domains with too many projects for typeahead to work well
- Undeleted webhooks
Rich Text
Example Rich Text
<body>All these new tasks are <em>really</em> getting disorganized, so <a data-asana-gid="4168112"/> just made the new <a data-asana-gid="5732985"/> project to help keep them organized. <strong>Everyone</strong> should start using the <a data-asana-gid="6489418" data-asana-project="5732985"/> when adding new tasks there.</body>
The web product offers a number of rich formatting features when writing task notes, comments, project descriptions, and project status updates. These features include bold, italic, underlined, and monospaced text, as well as bulleted and numbered lists. Additionally, users can "@-mention" other users, tasks, projects, and many other objects within Asana to create links.
The rich text field name for an object is equivalent to it's plain text field name prefixed with html_
. The following object types in Asana support rich text:
Object | Plain text field | Rich text field | |
Tasks | notes | html_notes | |
Projects | notes | html_notes | |
Stories | text | html_text | |
Project status updates | text | html_text | |
Teams | description | html_description |
Reading rich text
Python
from lxml import etree
html_text = "<body>...</body>"
root = etree.HTML(html_text)
user_ids = root.xpath('//a[@data-asana-type="user"]/@data-asana-gid')
for user_id in user_ids:
print(user_id)
Java
import com.jcabi.xml.XML;
import com.jcabi.xml.XMLDocument;
import java.util.List;
XML root = new XMLDocument("<body>...</body>");
List<String> userIds = root.xpath("//a[@data-asana-type=\"user\"]/@data-asana-gid");
for (String userId : userIds) {
System.out.println(userId);
}
Javascript
var htmlText = '<body>...</body>'
var parser = new DOMParser()
var doc = parser.parseFromString(htmlText, "text/html")
var iterator = doc.evaluate(
'//a[@data-asana-type="user"]/@data-asana-gid', doc, null, XPathResult.ORDERED_NODE_ITERATOR_TYPE)
var node = iterator.iterateNext()
while (node) {
console.log(node.nodeValue);
node = iterator.iterateNext();
}
Rich text in the API is formatted as an HTML fragment, which is wrapped in a root <body>
tag. Rich text is guaranteed to be valid XML; there will always be a root element, all tags will be closed, balanced, and case-sensitive, and all attribute values will be quoted. The following is a list of all the tags that are currently returned by the API:
Tag | Meaning in Asana | |
<body> | None | |
<strong> | Bold text | |
<em> | Italic text | |
<u> | Underlined text | |
<s> | Strikethrough text | |
<code> | Monospaced text | |
<ol> | Ordered list | |
<ul> | Unordered list | |
<li> | List item | |
<a> | Link |
Note: This list can expand as new features are introduced to the Asana web product. Treat rich text as you would treat arbitrary HTML, and ensure that your code doesn't break when it encounters a tag not on this list.
While links are easy to understand when users view the rendered in the Asana web product, an <a>
tag and its href
alone are insufficient to programmatically understand what the target of the link is. This is confused further by the fact that the formats of these links are frequently ambiguous. For example, an @-mention to a user generates a link to their "My Tasks", which looks identical to a link to a normal project.
Because of this, the API will return additional attributes in <a>
tags to convey meaningful information about the target. The following is a complete list of attributes we may return inside an <a>
tag, in addition to the usual href
:
Meaning | ||
data-asana-accessible | Boolean, representing whether or not the linked object is accessible to the current user. If the resource is inaccessible, no other data-asana-* attributes will be included in the tag. | |
data-asana-dynamic | Boolean, represents if contents of the a tag is the canonical name of the object in Asana. If you want to set custom text that links to an Asana object, set data-asana-dynamic="false" when creating the tag. | |
data-asana-type | The type of the referenced object. One of user , task , project , tag , conversation , project_status , team , or search . | |
data-asana-gid | The GID of the referenced object. If the referenced object is a user, this is the user's GID. | |
data-asana-project | If the type of the referenced object is a task, and the link references that task in a particular project, this is the GID of that project. | |
data-asana-tag | If the type of the referenced object is a task, and the link references that task in a particular tag, this is the GID of that tag. |
Here are some examples of how this behavior manifests:
- Suppose a user with a name of "Tim" and a user GID of
"53421"
is @-mentioned. This will create a link to their "My Tasks" which is a project with a GID of"56789"
- The raw link generated in Asana will be
https://app.asana.com/0/56789/list
. - The
<a>
tag returned in the API will be<a href="https://app.asana.com/0/56789/list" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="user" data-asana-gid="54321">Tim</a>
.
- The raw link generated in Asana will be
- Suppose a link to a task with name "Buy milk" and GID
"1234"
being viewed in a project with GID"5678"
is copied from the address bar and pasted into a comment.- The raw link generated in Asana will be
https://app.asana.com/0/5678/1234
. - The
<a>
tag returned in the API will be<a href="https://app.asana.com/0/5678/1234" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="task" data-asana-gid="1234" data-asana-project="5678">Buy milk</a>
- The raw link generated in Asana will be
- Suppose another user @-mentions a project with GID
"5678"
that is private and not visible to you in the web product.- The raw link generated in Asana will be
https://app.asana.com/0/5678/list
. - The
<a>
tag returned in the API will be<a href="https://app.asana.com/0/5678/list" data-asana-accessible="false" data-asana-dynamic="true">Private Link</a>
- The raw link generated in Asana will be
Here's an example of what a complete rich comment might look like in the API:
<body>All these new tasks are <em>really</em> getting disorganized, so <a href="https://app.asana.com/0/4168466/list" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="user" data-asana-gid="4168112">Tim Bizzaro</a> just made the new <a href="https://app.asana.com/0/5732985/list" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="project" data-asana-gid="5732985">Work Requests</a> project to help keep them organized. <strong>Everyone</strong> should start using the <a href="https://app.asana.com/0/5732985/6489418" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="task" data-asana-gid="6489418" data-asana-project="5732985">Request template</a> when adding new tasks there.</body>
Writing rich text
When writing rich text to the API, you must provide similarly structured, valid XML. The text must be wrapped in a <body>
tag, all tags must be closed, balanced, and match the case of supported tags, and attributes must be quoted. Invalid XML, as well as unsupported tags, will be rejected with a 400 Bad Request
error. Only <a>
tags support attributes, and any attributes on other tags will be similarly rejected.
For <a>
tags specifically, to make it easier to create @-mentions through the API, we only require that you provide the GID of the object you wish to reference. If you have access to that object, the API will automatically generate the appropriate href
and other attributes for you. For example, to create a link to a task with GID "123"
, you can send the tag <a data-asana-gid="123"/>
which will then be expanded to <a href="https://app.asana.com/0/0/123/f" data-asana-accessible="true" data-asana-dynamic="true" data-asana-type="task" data-asana-gid="123">Task Name</a>
. You can also generate a link to a task in a specific project or tag by including a data-asana-project
or data-asana-tag
attribute in the <a>
tag. All other attributes, as well as the contents of the tag, are ignored.
To keep the contents of your tag and make a custom vanity link, include the property data-asana-dynamic="false"
when setting the contents of the tag. You would send <a data-asana-gid="123" data-asana-dynamic="false">This is some custom text!</a>
and receive <a data-asana-accessible="true" data-asana-dynamic="false" data-asana-type="task" data-asana-gid="123">This is some custom text!</a>
If you do not have access to the referenced object when you try to create a link, the API will not generate an href
for you, but will instead look for an href
you provide. This allows you to write back <a>
tags unmodified even if you do not have access to the resource. If you do not have access to the referenced object and no href
is provided, your request will be rejected with a 400 Bad Request
error. Similarly, if you provide neither a GID nor a valid href
, the request will be rejected with the same error.
Pagination
Paginating requests for object sets that may be large is highly recommended. For requests that will return large result sets the API may truncate the result or timeout attempting to gather the data. Pagination ensures a more reliable experience by limiting requests to a smaller number of objects at a time, ultimately getting you the results faster; should there be more results, the API will return an offset that will allow you to access the next page.
Strongly prefer paginated requests {#prefer-pagination}
For all new features in the Asana API, we're making pagination required by specifying a value for the limit parameter. Though they may return more results, our current unpaginated requests are still ultimately subject to a timeout limit, which means requests that work successfully one day may fail later due to factors such as server load and network latency.
Pagination limits provide a mechanism to specify a page size that we should always be able to serve regardless of these factors. To prevent current integrations from breaking, pagination is not enabled by default on "grandfathered" endpoints; instead, you can request paginated results by providing the optional limit parameter in your query. We will be working to deprecate requests to these endpoints in the future.
Request
curl "https://app.asana.com/api/1.0/tasks?project=1337&limit=5&offset=eyJ0eXAiOJiKV1iQLCJhbGciOiJIUzI1NiJ9" \
-H "Authorization: Bearer <personal_access_token>"
Response
{
"data": [
{
"id": 1000,
"name": "Task 1",
...
},
...
],
"next_page": {
"offset": "yJ0eXAiOiJKV1QiLCJhbGciOiJIRzI1NiJ9",
"path": "/tasks?project=1337&limit=5&offset=yJ0eXAiOiJKV1QiLCJhbGciOiJIRzI1NiJ9",
"uri": "https://app.asana.com/api/1.0/tasks?project=1337&limit=5&offset=yJ0eXAiOiJKV1QiLCJhbGciOiJIRzI1NiJ9"
}
}
Note that all of Asana's official client libraries support pagination by default.
When making a paginated request, the API will return a number of results as specified by the limit parameter. If more results exist, then the response will contain a next_page attribute, which will include an offset, a relative path attribute, and a full uri attribute. If there are no more pages available, next_page will be null and no offset will be provided. Do note that an offset token will expire after some time, as data may have changed.
When making paginated requests you are able to page through all objects for a particular query up to 100 objects at a time. Alternatively your query will be truncated at about 1000 objects. In addition, when issuing non-paginated requests to organizations with a large number of objects queries may time out before returning. For these reasons, we recommend that you paginate all requests to the API.
Parameter | Description | |
Limit | 20 The number of objects to return per page. The value must be between 1 and 100. | |
Offset | eyJ0eXAiOJiKV1iQLCJhbGciOiJIUzI1NiJ9 An offset to the next page returned by the API. A pagination request will return an offset token, which can be used as an input parameter to the next request. If an offset is not passed in, the API will return the first page of results. Note: You can only pass in an offset that was returned to you via a previously paginated request. |
This method returns paginated results for tasks from a project.
Input/Output Options
GET url params
?opt_pretty
?opt_fields=followers,assignee
PUT or POST body options
options: {
pretty: true,
fields: ["followers", "assignee"]
}
In addition to providing fields and their values in a request, you may also specify options to control how your request
is interpreted and how the response is generated. For GET requests, options are specified as URL parameters prefixed
with opt_
. For POST or PUT requests, options are specified in the body. If the body uses the application/x-www-form-urlencoded
content type, then options are prefixed with opt_
just like for GET requests. If the body uses the application/json
content type, then options are specified inside the top-level options
object
(a sibling of the data
object).
?opt_fields=name,notes&opt_pretty response
HTTP/1.1 200
{
"data": {
"name": "Make a list",
"notes": "Check it twice!",
"gid": 1224
}
}
These options can be used in combination in a single request, though some of them may conflict in their impact on the response.
Option | Description | |
pretty | Provides the response in "pretty" output. In the case of JSON this means doing proper line breaking and indentation to make it readable. This will take extra time and increase the response size so it is advisable only to use this during debugging. | |
fields | Some requests return compact representations of objects, to conserve resources and complete the request more efficiently. Other times requests return more information than you may need. This option allows you to list the exact set of fields that the API should be sure to return for the objects. The field names should be provided as paths, described below. The gid of included objects will always be returned, regardless of the field options. |
opt_fields nesting
"data": { < this
"gid": 1001,
"name": "Feed the cat", < this.name
"workspace": { < this.workspace
"gid": 14916,
"name": "Shared Projects", < this.workspace.name
},
"followers": [{ < this.followers
"gid": 1234,
"email": "tbizarro@…", < this.followers.email
}, {
"gid": 5678,
"email": "gsanchez@…", < this.followers.email
}]
}
Some output options allow you to reference fields of objects to include in the response.
The way to specify a field is by path. A path is made up of a sequence of terms separated by the dot (.
)
operator. It takes the form this.a.b
… where this refers to an object returned at the top level of the response,
a the name of a field on a root object, b a field on a child object referred to by a, and so on.
For example, when retrieving a task or tasks, the path this.followers.email
refers to the email field of all users
mentioned in the followers
field of the task or tasks returned. See the annotated output below:
There are also some advanced operators you can use for shorter syntax in selecting fields:
(
.. |
.. )
The group operator can be used in place of any whole term in a path, and will match any of a group of terms.
this.(followers|assignee).email
will match the email
field of the assignee
object or any of the followers
.
Custom External Data
Custom external data allows a client application to add app-specific metadata to Tasks
in the API. The custom data includes a string gid
that can be used to retrieve objects and a data blob that can store
character strings.
The blob may store unicode-safe serialized data such as JSON or YAML. The external gid
is capped at 1,024 characters, while data
blobs are capped at 32,768 characters. Each object supporting external data can have one gid
and one data blob stored
with it. You can also use either or both of those fields.
The external gid
field is a good choice to create a reference between a resource in Asana and another database, such as
cross-referencing an Asana task with a customer record in a CRM, or a bug in a dedicated bug tracker. Since it is just
a unicode string, this field can store numeric IDs as well as URIs, however, when using URIs extra care must be taken
when forming queries that the parameter is escaped correctly. By assigning an external gid
you can use the notation
external:custom_id
to reference your object anywhere that you may use the original object gid
.
Note: that you will need to authenticate with Oauth, as the gid
and data are app-specific, and these fields are not
visible in the UI. This also means that external data set by one Oauth app will be invisible to all other Oauth apps.
However, the data is visible to all users of the same app that can view the resource to which the data is attached,
so this should not be used for private user data.
Parameter | Description | |
gid | "contractor_name" The external gid . Max size is 1024 characters. Can be a URI. | |
data | "{ \"time_estimate\": 3600, \"time_spent\": 1482 }" The external data blob. Max size is 32,786 characters. |
App Server
Sample Server Code (don't use in production)
An app server cannot be handled via curl.
An App Server is required for working with Webhooks and Workflow Apps (UI Hooks). When we say "App Server", we are referring to the server Asana directly sends requests to. This is different from the service it may be connecting to in the end (like Slack or Jira).
For some features, Asana needs to send requests to an App. In order for an App to use these features, they will need to implement an App Server. App Servers are simply servers that an app controls. The server needs to be accessible via http requests, return successful response codes, and sometimes return valid json bodies to requests from Asana. Some requests will be sent from an Asana user's browser, while other requests will be sent from Asana's servers.
App Servers define their own paths. During the lifecycle of a Webhook or UI Hook, apps will need to declare the endpoints for Asana. For Webhooks, this happens when you create a new webhook. For Workflow Apps, some UI Hooks are declared on App Creation while others are dynamically declared in responses to requests from Asana.
You should test/debug your App Server with a tool like Postman or Insomnia.
In short:
- App Servers need to accept
http
requests and be accessible viaurl
. - Request payloads will be
json
and App Servers should respond withjson
(if a response is needed). - Successful requests should respond with either a
200
or204
status code. Some UI Hooks have additional error handling for codes like400
. - If an app server is down or throws a
500
, we will likely retry the request.
Error Handling and Retry
If we attempt to send a request to an App Server and we receive an error status code, or the request times out, we will retry delivery with exponential backoff.
The tolerance threshold for retries vary between Webhooks and UI Hooks. Refer to the documentation for each for a deeper understanding.
News and Changelog
To keep up to date on changes to the API, subscribe to Platform News in our developers forum.
To subscribe to updates:
- Go to Platform News
- Hit
login
in the top right and login with your Asana account. - Go back to Platform News and change the bell icon in the top right to "Watching First Post" or "Tracking".
Here are the most recent updates:
- Green? Red? Yellow? Blue! New Project Status Color 2020-12-18 21:47:24.382
- Webhooks Incident 11/14 2020-11-18 02:16:04.510
- A Problem with Webhooks & Events 2020-10-15 22:42:44.249
- Recent API Updates 2020-09-15 02:28:00.036
- June 16th webhooks and event streams outage 2020-06-18 04:48:23.438
SCIM
SCIM endpoints
Asana supports SCIM operations at https://app.asana.com/api/1.0/scim
. Okta provides greats docs for
understanding SCIM.
Note that only Service Accounts in Enterprise Domains can access SCIM endpoints.
API call | Asana Behavior | |
GET /Users | Return full list of users in the domain. Does not return Asana guest users | |
GET /Users/:id | Return specific user in the domain. Does not return Asana guest users. | |
POST /Users | Creates new user if the user does not exist | |
PUT /Users/:id | Update / remove attributes for a user. Deprovision user (zombify) in Asana upon active=false | |
PATCH /Users/:id | Deprovision user (zombify) in Asana upon active=false | |
DELETE /Users/:id | Deprovision user (zombify) in Asana | |
GET /ServiceProviderConfig | Read-only meta information | |
GET /ResourceTypes | Read-only meta information | |
GET /Schemas | Read-only meta information |
Deprecations
Communicating about breaking changes
Whenever possible, the Asana API aims to preserve backwards compatibility for its users. Apps you write on top of the API now should, in ideal situations, continue to work indefinitely. However, there are a few rare cases where breaking changes are required. For example:
- When we identify a stability threat, we may need to partially limit or entirely deprecate the culprit feature in the API.
- When making a change in a backwards compatible way results in a cluttered, brittle, and confusing interface to Asana.
- When not making a breaking change poses a security vulnerability, such as when we migrated from SSLv3 to TLS 1.0.
If a breaking change is required, the API team will provide a number of resources to help our developers get through the change:
- We will communicate early, and through a variety of channels. We recommend that you join the developers community forum to learn about changes to the API.
- We will provide a clear description of the change, how it affects your requests, and a migration plan to follow to transition through the deprecation.
- We will designate a deprecation period during which you will be able to choose between both old and new behavior from the API, allowing you to test out the change without having to put your entire app at risk.
Response header notifications
While the previously mentioned communication channels are the best place to learn about upcoming changes, the API itself will also alert you of upcoming changes. Shortly after we post communication, the API will begin sending Asana-Change
headers in the responses. These headers will have two or three pieces of information:
- The unique name of the change
- A URL to our blog post describing the change
- Optionally, a flag indicating that your specific request would be affected.
This header may be present multiple times in the response if there are multiple ongoing changes. Here's an example of one of these headers:
Asana-Change: name=security_headers;info=https://asa.na/api-sh;affected=true
Asana-Change: name=other_change;info=https://asa.na/api-oc
Note: If your request is not affected, we will not claim affected=false
. This is in case, during the deprecation, we detect that the change has a larger scope than initially thought. A request going from "you may be affected" to "you definitely are affected" is an acceptable update, but a request going from "you definitely are not affected" to "you definitely are affected" is not an acceptable update.
Request header options
During the deprecation period, you can test out how the API will behave by sending additional headers in your requests. Sending an Asana-Enable
header including comma-separated names of features will turn those features on for that request. Sending an Asana-Disable
header will do the opposite and turn those features off for that request.
If no header is specified, the default behavior will be determined by how far into the deprecation period we are:
- Before the start of the deprecation period (the "start date") the feature will be disabled, and it will not be possible to enable it.
- After the start date, the feature will be disabled by default, but you can begin choosing whether to enable or disable it.
- In roughly the middle of the deprecation period (the "activation date") the default behavior will switch and the feature will be enabled by default. You can continue to disable it with the appropriate header.
- At the end of the deprecation period (the "end date") the feature will be enabled and you will no longer be able to manually disable it.
The start, activation, and end dates will clearly be documented in our communications. These days may be pushed into the future if we discover that developers need more time to migrate their apps, but they are guaranteed to never occur sooner than documented.
These dates are arranged such that, if a developer happens to miss our communication and their app breaks when the default behavior changes on the activation date, they can begin sending the Asana-Disable
header to restore the old behavior and use the remaining half of the deprecation period to make their app compatible.
Here's an example of how these headers would look:
Asana-Enable: security_headers,another_change
Asana-Disable: a_third_change
Aside from reserving the right to push the date of changes to a future date, the precise time during the activation date isn't specified. However, since the default will only affect your integration if you do not pass either the Asana-Enable
or Asana-Disable
headers for a particular deprecation you can ensure predictable behavior of our API for your app during the entire period, including throughout the activation date.
The way we recommend you implement these changes in your integration is this:
- Whenever you detect a new Asana-Change header, log these requests and be sure to take note that a change is coming. Recall that the
info
key in the header will contain a link with the details. - Identify the nature of the upcoming deprecation and decide if your integration is sensitive to the change, paying particular attention to the cases where we return
affected=true
. - If changes are necessary in your integration, test the new behavior manually by making requests with
Asana-Enable
set to the name of the deprecation. This should provide a clear example of the new behavior as it is implemented in our API. - Implement the changes in your integration in such a way that it can handle the new behavior and be sure to pass the
Asana-Enable
header when you make requests. This will ensure that you will always get the new behavior regardless of when the default behavior changes.
At this point, your integration has been migrated to the new behavior. At any point after the end date the Asana-Enable
header will be ignored by the Asana API and you can feel free to remove it. (We strongly recommend keeping it all the way through the end date in case of unforseen circumstances that cause us to temporarily reset the default behavior from the new implementation to the deprecated behavior.)
Client library support
The latest version of our official client libraries for Python, Java, PHP, and Javascript all support sending custom headers and are able to use our deprecations framework. Consult the individual libraries for how to send headers with each request.
Developer Sandbox
An Asana developer sandbox consists of a temporary Asana domain with limited users. It is essentially a standard Asana account where you can test premium features during development.
Developer Sandboxes are intended for:
- Developers building or maintaining a 3rd-party integration with Asana (submit your completed integration to get listed on our apps page)
- Existing premium Asana customers that require a separate environment to perform risk-free testing on the API
To request a developer sandbox, please fill out this form.
API Explorer
The Asana API Explorer is a tool to easily make API requests in your browser and quickly test various routes, fields, and parameters.
The explorer is not meant to be an exhaustive tool with every endpoint in the API (try Postman if you want a tool with complete coverage). Instead, the explorer is designed to be a simple tool to help developers quickly access the API and see examples of requests and responses fetching real Asana data.
Follow these steps to get started:
Go to the API Explorer site: https://developers.asana.com/explorer
Click the large button that says “Click to authorize API Explorer”. This will use your Asana credentials to provide cookie authentication for the requests you make in the explorer. Because the explorer is using your Asana account, it only allows read requests (i.e.
GET
only) to protect against unintentionally changing your Asana data.Choose the resource you wish to query from the drop-down.
In the next drop-down, choose your desired route for that resource.
Under "Include Fields," You have the option to select only the fields you would like to include in the response (more about I/O options).
The default response limit is 10. You can increase it up to 100.
Add the required “Attribute parameters”. Note that task and project gids are in URLs when viewing those resources in the Asana web product (e.g. when viewing a task in a project: https
://app.asana.com/0/'project-gid'/'task-gid'). In subsequent requests, you may have a pagination token (see the pagination docs for more on this) to paste into the “Offset” field.
You have the option to include additional parameters in your request.
Click “Submit” to send your request to the API. You will receive a JSON pretty-formatted response.
Submit your App
Have you built a web application that you want to share with the Asana community? Submit this form to get your app listed in the Asana apps directory.
Recommendations and resources for app developers:
We strongly recommend that you use OAuth 2.0 for your app. Apps that don’t use Auth 2.0 will likely not be approved for listing in our directory.
Be aware of the OWASP Top 10 Web App Security Risks when developing your app.
If you are new to app security, we recommend reading The Web Application Hacker's Handbook.
Use end-to-end encryption. Use a trusted site to test your TLS security (such as: https://www.ssllabs.com/ssltest/).
Join the Asana developer community. This is the best resource to get technical questions answered as well as get notified about new API features, deprecations, and other breaking changes.
Once your app is listed, you can answer Asana user questions in the integrations section of the Asana community.
Updating your existing app listing
If you wish to update your existing listing, send an email to api-support at asana.com with the specific changes.
We expect existing apps to maintain the same level of user experience that they had when accepted to the apps directory.
Custom Apps
What to consider when building a custom app.
Unlike 3rd-party apps and integrations used by many companies, custom apps are designed to only be used within a single domain. For example, an Asana customer may want to use the API to create a bot, integrate Asana with a homegrown tool, or generate custom reports. If you want to get inspired about what’s possible with custom apps, here are some common use cases.
Authentication
Most custom apps use Personal Access Tokens (PATs) for authentication. In general, PATs are best for projects that don’t require multiple users to log in. For example, it’s advisable to use PATs to auth scripts, bots, or anything else that doesn’t require taking action on behalf of multiple Asana users. While less common, if your custom app requires users to sign in to use it, then you should consider using OAuth.
API Explorer
If you're unfamiliar with our API, it may be helpful to start by playing around with our API explorer. It’s a quick and easy way to test endpoints and see how various parameters affect responses. You will also find guides and code examples in our docs and client libraries that are helpful when getting started.
Client Libraries
You should consider using one of our API client libraries for your custom app. They simplify some of the more technically challenging aspects of development such as authentication and pagination. There are code examples for each library to help you get started. The client libraries also help developers navigate API deprecations, which will help you avoid unexpected breaking changes and reduce the overall time required for maintenance.
Note that client library functions are not documented. You need to check the lib/resources/gen
folder of each library to see the built-in functions.
API support
If you get stuck or need help developing your custom app (or just want to meet other Asana developers), join our active developer community. On the forum, you can find answers to many technical questions. If your question has not yet been answered, post it and you should get a reply within a day or so. In addition to community support, internal Asana engineers also help troubleshoot issues on the forum. If you have found an API bug, you can either post it to the community or email the issue to api-support at Asana dot com.
Deployment
Once you’ve created a custom app, you will likely want to host it somewhere. While you could run your script from the command line, doing so is tedious and time consuming.
The most basic, automated option is to use launchd to programmatically execute your app on your machine (launchd is like cron but better). Here’s a tutorial to get you started with launchd.
A more robust option would be to deploy your custom app to a hosted server. Here’s a guide exploring some of the popular hosting providers. Hosting your app makes it more resilient and allows you to add more sophisticated features (e.g. use webhooks).
Remember to securely store your PAT and any other sensitive data (never expose a PAT in a public repository).
Maintenance
Make certain that the email address associated with your custom app is being actively monitored. We only email developers for critical issues such as API bans and upcoming deprecations that our logs show will break your app. If you’re using a PAT to authenticate, you should confirm that the email address associated with the Asana account that generated the PAT is being actively monitored by one or more people.
We also recommend all developers join the Asana developer community. This is where we will communicate new API features as well as announce upcoming breaking changes. To ensure you don’t miss these announcements, we encourage you to turn on notifications for the Platform News section of the community.
If your app is having issues, here are some steps to help you troubleshoot the issue:
- Carefully read any error messages (here are the docs for Asana error codes).
- Check the status of the Asana API to confirm it’s up and available.
- Check for any issues with the server that is hosting your app.
- Check the Asana dev community to see if others are having the same issue.
- If you can't find an answer on the community, post your issue and someone will likely help. Please include all of the required information to reproduce the issue (e.g. verbose CURL request with full response). Never post a PAT to the forum (or share it anywhere else).
How to use the API
Request
https://app.asana.com/api/1.0/users/me
If you're familiar with building against APIs, you can jump to our examples.
If you’re new to developing on APIs, this is a great place to start. You’ll learn in this guide how to make the simplest Asana API request -- getting your user information.
To get started
- Be logged into Asana.
- Go to this URL: https://app.asana.com/api/1.0/users/me
me
is a User Identifier that refers to the logged in user. A User Identifier can be either me
, an email_address, or the gid of the user.
Response
{
"data": {
"gid": "12e345a67b8910c11",
"email": "jonsnow@example.com",
"name": "Jon Snow",
"photo": {
"image_21x21": "https://s3.amazonaws.com/profile_photos/121110987654321.hJGlskahcKA5hdslf4FS_21x21.png",
"image_27x27": "https://s3.amazonaws.com/profile_photos/121110987654321.hJGlskahcKA5hdslf4FS_27x27.png",
"image_36x36": "https://s3.amazonaws.com/profile_photos/121110987654321.hJGlskahcKA5hdslf4FS_36x36.png",
"image_60x60": "https://s3.amazonaws.com/profile_photos/121110987654321.hJGlskahcKA5hdslf4FS_60x60.png",
"image_128x128": "https://s3.amazonaws.com/profile_photos/121110987654321.hJGlskahcKA5hdslf4FS_128x128.png"
},
"resource_type": "user"
}
}
And Congratulations! You’ve just made your first Asana API request.
Let’s unpack what just happened. The base URL for all requests to the Asana API is https://app.asana.com/api/1.0
. We want information about users, so we go down a level to the https://app.asana.com/api/1.0/users
resource. Within the set of all users in Asana, We’re specifically looking to get information about our own account, so we get more specific by adding /me
to get https://app.asana.com/api/1.0/users/me
. The /me
part would ordinarily be an identifier (a long number) or email address of the user, but we've created this shorthand for getting the current user of Asana's API, whomever that may be. Put it together and you have the above path to get your user information from Asana.
Since every API request you make will start with the same base URL ('https://app.asana.com/api/1.0'), we'll just talk about what comes next in the URL -- which is often referred to as a 'resource' or 'path'. For instance, when we say /users/me
it's actually shorthand for the entire URL which would be https://app.asana.com/api/1.0/users/me
.
After requesting information from the API, you will receive a response in JSON format, which can be read and understood by both humans and computers. It's structured in a particular way so programs can rely on a consistent format for the data.
Our API is documented for what resources are available and what sort of return data to expect. For example, here are the docs for the /users
endpoint which we just called. This is where you can discover what's possible with our API.
Now, let’s make the same call to /users/me
more like software would. Before we do so, we’ll need to get access outside of your web browser to the API.
Authentication Quick Start
Similarly to entering your username/password into a website or logging into Asana with Google, when you access your Asana data via the API you need to authenticate. In the above example, you were already logged into Asana in your browser so you were able to authenticate to the API with credentials stored by your browser.
If you want to write a script that interacts with the Asana API, the easiest method is to get a Personal Access Token (PAT), which you can think of as your unique password for accessing the API.
App or PAT?
If your app needs to perform actions on behalf of users, you should use OAuth.
Getting a Personal Access Token (PAT)
Example PAT
0/68a9e79b868c6789e79a124c30b0
- Open the Developer App Management page by using this permalink or following these steps:
* From within Asana, click your profile photo from the top bar and select "My Profile Settings"
* Click the "Apps" tab
* Click "Manage Developer Apps"
Click "+ Create New Personal Access Token"
Type a description of what you’ll use the Personal Access Token for.
Click "Create"
Copy your token. You will only see this one time, but you can always create another PAT later.
Note: treat your PAT like you would a password. Do not share it or display it online.
Using Terminal
curl Request
curl https://app.asana.com/api/1.0/users/me \
-H "Authorization: Bearer 0/123456789abcdef"
We’ll use cURL, a command line[^1] program to make HTTP requests. MacOS and many Linux distributions have cURL pre-installed, and it’s available for download on Windows and many other operating systems. If you’re curious, you can learn more about cURL in its own documentation.
Let’s do this:
Response
{
data: {
gid: "<your gid>",
email: "<your email>"
name: "<your name>",
...
}
}
Copy/paste the cURL request on the right (make sure to enter your personal access token instead of the placeholder after the word "Bearer", or else you'll get a "Not Authorized" message):
Press Enter
Nice work! You just wrote a cURL command.
In our API documentation, we will often write examples as cURL commands since it's a middle-of-the-road approach to accessing our API: more flexible than using a browser, but user-friendly enough to be quick and easy to do.
You’re ready to start coding!
Asana has client libraries in several popular coding languages. Using these libraries has several advantages (like managing authorization and retrying errors) that make them a good place to go from here. Let’s take a look at making the same /users/me
request in Python, JavaScript, and Ruby (feel free to skip ahead to your favorite of the three languages).
Using Postman
You can quickly get started on Asana's API with the API Explorer. However, if you want a more robust experience hitting the API, we recommend using Postman. You can get started with the 'Run in Postman' button!
Once you have the collection, you should create an environment.
You'll want to set:
authentication_token
to a PAT. If you don't have one yet, visit our Authentication Quick Startworkspace
to your workspace's gid, you can find via a logged-in browser by going to https://app.asana.com/api/1.0/users/me/workspaces, or you can hit that endpoint using your PAT- any other gids you want to easily access.
- For example, in my Postman. I set
task
to the gid of a task I regularly test with,project
to a the gid of a private sandbox project, anduser
to the string 'me'.
- For example, in my Postman. I set
No need to edit your environment for requests on different objects, simply navigate to the endpoint you want to use, and change the {{object}}
to any gid you want.
Importing this collection gives you a snapshot of the API at this time. To stay up to date with API changes, you'll have to re-import the collection by hitting the 'Run in Postman' button, and choosing to override your existing collection. This means if you want to save custom requests, you should do so in a different collection.
Common Usecases
Collaboration across teams and tools works best when everyone stays in sync and processes flow easily and without friction. This is why we have Asana's API: it's a platform to ensure all of your information is up to date and that your teams stay efficient and in the loop.
Asana’s API provides a means for software and scripts to read information from inside Asana, input information from outside Asana, and automatically react when things change. This can include:
- Consistently doing repetitive or tedious tasks.
- Chaining a process together by responding to changes.
- Creating reports on the state of tasks and projects.
- Staying in sync with other software such as Slack or Salesforce used in your organization.
- Pulling information from other locations like email or Evernote into Asana.
- Adding new features on top of Asana.
- Customizing Asana for your team’s processes and workflows.
The role of Asana's platform is to allow Asana to meet your team where you are and how you work. Asana is built to be flexible and powerful, to be intuitive enough for all teams to adopt and maintain clarity on who is doing what by when. Asana’s platform enables you to specialize this flexibility to maximize efficiency. Here are some ideas for what you can build:
Doing repetitive work
Integrations and bots are great for making sure that repetitive tasks are always taken care of. Running a script with Asana's API can quickly take care of work like moving cards between board columns, setting assignees or due dates based on the state of the task, or asking that all custom fields are set before work can begin on a task. This can save time and overhead when trying to keep your projects clear and correct.
Reacting to changes
Workflows with Asana often have a "when this task changes, do something" feel. An example is moving tasks between projects based on subtasks: if one team completes a subtask, move the parent task to the next team's project. Integrations can be built to respond in near-real time to changes in Asana to move work forward to the next step.
Generating reports
Fetching the state of the tasks in a project or for your teammates can unlock the ability to create simple - or complex - metrics around how you are progressing. How many open tasks are there in the project? Who has the most tasks assigned? How often does the due date of each task get shifted back? Our platform enables pulling of data from Asana to make customized metrics to track your work.
Keeping in sync
Teams frequently use a multitude of software tools to accomplish work, from email to asset management to file storage. These specialized tools are often used with colleagues who don't track their work with Asana; and even if they do, keeping all of your tools in sync makes the transitions between tools straightforward to minimize work about work.
Some of our integration partners, like Tray.io, Unito, and Zapier, offer syncing solutions out of the box with common workplace tools, or you could build your own solution in cases where you need more flexibility, such as when connecting to customized or internally-built software.
Capturing work
Asana is built for teamwork and knowing who is doing what by when. Having an easy way to capture information in Asana makes it less likely that work will slip through the cracks. For example, when communicating with people who work in other companies who aren't members of your Asana organization, an integration like we built for Gmail lets you create follow-up tasks with just a few clicks.
Getting information into Asana in a quick and easy way is important for ensuring that you don’t drop the ball. Asana’s platform is a great way to pull information from many channels into Asana with minimum hassle.
Extending Asana
Asana is built to be a tool that works well for all teams, so we build features into our core product that aren't overly opinionated about how you get work done. At the same time, there is opportunity for teams to use Asana in a specialized way or with specific additional features. When there are features that you'd like Asana to have, our platform is a resource to make them happen. As a matter of fact, some of our more successful integrations like Instagantt exist purely to provide additional features to Asana.
Customizing workflows
Integrations or scripts work great to maintain a custom workflow, saving a team member from having to continually pay attention to the state of tasks in Asana.
Whether it's ensuring that custom fields are filled out, tasks are completed, tasks live in the correct board-view column, or automatically assigning tasks at certain stages in your process, integrations can react to changes in Asana to ensure that everyone is up to date. When processes mature around how you get work done, it's a great time to use Asana's platform to make sure everything stays consistent and clear.
Check out some examples of integrations we've built on Asana in the next section.
Examples
Python Hello World
import asana
# replace with your personal access token.
personal_access_token = '0/123456789....'
# Construct an Asana client
client = asana.Client.access_token(personal_access_token)
# Set things up to send the name of this script to us to show that you succeeded! This is optional.
client.options['client_name'] = "hello_world_python"
# Get your user info
me = client.users.me()
# Print out your information
print("Hello world! " + "My name is " + me['name'] + "!")
To get started, run pip install asana
or follow the detailed installation instructions on the GitHub page for the Python client library.
Once it’s installed, open your favorite text editor and we’ll code a GET request to /users/me
in Python.
Save this file as something descriptive like "hello_world.py"
To run this script in your console, pass it as an argument to the python interpreter, i.e. python hello_world.py
from the same directory as the file. You should see the message we wrote above with your user information.
As an aside, for clarity python-asana
will also work with Python 3.x (with small changes to the above example to make it compatible.)
All of the built-in functions can be found in the /gen folder of the client library.
You can see a variant of this script, and other useful Asana API scripts, in our open-source Github examples repository
Node Hello World
var asana = require('asana');
// replace with your personal access token.
var personalAccessToken = '0/123456789....';
// Construct an Asana client
var client = asana.Client.create().useAccessToken(personalAccessToken);
// Get your user info
client.users.me()
.then(function(me) {
// Print out your information
console.log('Hello world! ' + 'My name is ' + me.name + '!');
});
To get started, npm install asana
or follow the detailed installation instructions on the GitHub page for the Node client library.
Once it’s installed, open your favorite text editor and we’ll code a GET request to /users/me
- the same request as above, but in Javascript.
Save this file as something descriptive like "hello_world.js"
To run this script in your console, pass it as an argument to the node interpreter, i.e. node hello_world.js
from the same directory as the file. You should see the message we wrote above with your user information.
All of the built-in functions can be found in the /gen folder of the client library.
You can see a variant of this script, and other useful Asana API scripts, in our open-source Github examples repository
Ruby Hello World
require 'asana'
# replace with your personal access token.
personal_access_token = '0/123456789....'
client = Asana::Client.new do |c|
c.authentication :access_token, personal_access_token
end
me = client.users.me
puts "Hello world! " + "My name is " + me.name + "!"
To get started, `gem install asana` or follow the detailed installation instructions on the [GitHub page for the Ruby client library](https://github.com/Asana/ruby-asana/).
Once it’s installed, open your favorite text editor and we’ll code a GET request to /users/me
- the same request as above, but in Ruby.
Save this file as something descriptive like "hello_world.rb"
To run this script in your console, pass it as an argument to the ruby interpreter, i.e. ruby hello_world.rb
from the same directory as the file. You should see the message we wrote above with your user information.
All of the built-in methods can be found in the /resources folder of the client library.
You can see a variant of this script, and other useful Asana API scripts, in our open-source Github examples repository
Workflow automation script
Asana's API enables customization and automation of your organization’s workflow through scripts built to specialize your use of Asana. Using Asana to track your work and leveraging Asana’s API to automate your processes is a powerful combination which can make your team much more efficient. Here's one example of how we do it at Asana.
Tracking timely responses to support questions
Asana’s developer relations team manages technical support for our API through a number of channels: support tickets, questions about our API and integrations forwarded on from our colleagues, the Asana Community's Developer category, Stack Overflow, pull requests and bug reports from open-source GitHub projects like our client libraries, and more. Staying on top of all of these channels can be daunting, but we want our users to reach us however works best for them. At the same time, we want to isolate the noisiness of incoming requests for our colleagues at Asana who are involved with only one channel.
Additionally, the management of the question and answer process, triaging the incoming requests, troubleshooting with our engineers, and measuring our response performance are all internal processes. Even if we have a workflow in place to support our developer relations team, we want the experience for other teams to be easy and lightweight. We want to ensure our coworkers do the right things by default without hindering the consistency of our work and our ability to track progress.
Our solution: automation and reporting through our API to provide consistent management of the whole process.
To do this, we wrote an integration with the following goals in mind:
- Maintain clarity amongst our teams by tracking work in Asana.
- Have only one place we have to look to stay in the loop.
- Ensure that no questions get missed, i.e. a reminder bot.
- Let our API users know that they've been heard in a timely fashion.
- Track our performance in remaining responsive.
- Automate some of the bookkeeping required to maintain a consistent workflow.
- Separate the specifics of how we track our performance from our colleagues’ workflows.
The script we built does the following for us:
- Integrate with external sources to put incoming questions into Asana, one project per channel.
- Add question tasks from each incoming project into a single combined project.
- Acknowledge a question has been received and begin tracking response times.
- Upon first response, complete a task to signal relevant followers that we've reached out.
Maintain focus
We use webhooks to get notified in near-real time when new tasks are created in any of several Asana projects, one per incoming channel. Some of these projects are automatically synced with outside sources, others are available for our coworkers to create tasks in. Keeping tasks in their source channel helps keep us organized for where to go to respond. These projects are what our colleagues follow in order to remain focused on their own channels.
Our script responds to these webhook notifications from each project by adding these tasks into a single "Developer Questions" project. Our developer relations team can then see all outstanding questions about our API in a single place. This is a key part of hitting our service level agreement (SLA) goals: not having to cycle through many projects and channels to see how we're progressing.
Ensure timely responses
Once a question gets added to our Developer Questions project, our integration creates a subtask on it. This signals to our colleagues that we have received the question and will begin to triage and investigate. The subtask is completed when we first respond to our users to inform them that we're investigating. Completion of the question task itself signals that we've achieved a resolution for the person who reached out to us.
Track progress
Our script can generate a simple report to see which questions are still open, how long they’ve been open, and how much time we have left to answer before we miss our service level agreement limits. A simple webpage that the integration creates enables a high level view of what's still in progress and how timely we've been in the past.
Keep the process moving, automatically
Our integration also helps automate some of the routine steps to ensure questions get answered. After a task gets triaged for priority, our integration sets an appropriate due date. It can also set an assignee and followers based on current workload and by matching certain keywords in the task description. If the task approaches its due date and it has not received a response, the script comments on the task to alert us that the question is about to reach our SLA limit. This helps us keep the right people in the loop with minimal overhead and maximum clarity of what needs to be done by when.
By managing this routine and specialized workflow with automation through Asana’s API, our team is more efficient, more effective, and less likely to make a mistake. We know how responsive we've been and can see how we're doing at any time. We're better able to minimize the number of questions which slip through the cracks. The result is better support for outside developers and increased focus on core work, not work about work.
Over time, we've continuously tweaked how our integration behaves to evolve our process, empowering us to adjust and iterate our approach. This is one of the key opportunities that Asana's API provides: ownership and control over how work gets done. Incremental improvements provide the chance to try out new workflows and settle on one that works well for everyone, leading to a more consistent and customized experience of using Asana.
To get started, check out our examples page. For support or to generate ideas of how your team can work more effectively with Asana, head to the Asana Community to chat with Asana team members and users!
Triage bot
Let’s start coding!
Follow along below in the right pane to see the terminal commands and code for this tutorial. We will use a very basic file structure for the purposes of this guide. Start by making a project directory, moving into it, and running
npm init
.
$ mkdir triage-bot
$ cd triage-bot
$ npm init
Install the Node Asana client library and create config and app files:
$ npm install asana
$ touch config.js app.js
Add gids (global ids) for the workspace, design request project, and designers that will be assigned requests (note that all gids in Asana should be strings). You can get a project’s gid from its URL in the Asana web product (e.g. the structure of links for a task is www.asana.com/0/{project_gid}/{task_gid}). Similarly, you can get user’s gid from the URL of their task list (i.e. click on their name in Asana). To get your workspace gid(s), go to https://app.asana.com/api/1.0/users/me/workspaces.
let config = {
workspaceId: "15793206719",
designRequestProjectId: "180350018127066",
//gids of designers who are fulfilling design requests
designers: ["180015866142449", "180015866142454", "180015886142844"]
};
module.exports = config;
Next, let’s get started on our app.js file. Include the Asana node client library and the config file:
let asana = require('asana');
let config = require('./config');
Get your access token and use it to create an Asana client. At the time of writing this guide, the Asana API is going through two deprecations (moving to string gids and changing how sections function). You can learn about our deprecations framework in our docs. To prevent my app from breaking when the deprecations are finalized, I'm passing headers to enable the new API behavior for string gids and sections. We will also set a delay to determine how quickly our parallel requests are sent.
// Get personal access token (PAT) from environment variables.
const accessToken = process.env.triage_bot_pat;
const deprecationHeaders = {"defaultHeaders": {"asana-enable": "new_sections,string_ids"}};
// Create Asana client using PAT and deprecation headers.
const client = asana.Client.create(deprecationHeaders).useAccessToken(accessToken);
// Request delay in ms
const delay = 200;
Use the search API to fetch unassigned tasks from the design requests project. Note that the search API doesn’t return paginated results so you need to pass the max limit which is 100. If there are often more than 100 unassigned tasks, you can add a function to keep running the script until there are no more unassigned tasks.
function getUnassignedTasks() {
let workspaceId = config.workspaceId;
let params = {
"projects.any" : config.designRequestProjectId,
"assignee.any" : "null",
"resource_subtype": "default_task",
"fields": "gid",
"limit": 100
};
client.tasks.searchInWorkspace(workspaceId, params).then(tasks => {
randomAssigner(tasks.data);
});
}
We’ll need a few helper functions. One to shuffle an array and another to assign tasks.
function shuffleArray(array) {
for (let i = array.length - 1; i > 0; i--) {
let j = Math.floor(Math.random() * (i + 1));
let temp = array[i];
array[i] = array[j];
array[j] = temp;
}
return array;
}
function assignTask(taskStringId, assigneeStringId) {
client.tasks.update(taskStringId, {assignee: assigneeStringId})
}
Our final function will take the array of unassigned tasks and round-robin assign them to the group of shuffled designers from the config file. We will use an interval to loop so we can control the speed of the requests. You can change the delay with the const you declared earlier. This is a balance between speed and staying within our concurrent request limit. In node, a normal loop would send all requests at once, which doesn’t work in larger projects.
function randomAssigner(unassignedTasks) {
let shuffledDesigners = shuffleArray(config.designers);
let numDesigners = shuffledDesigners.length;
// Let's use an interval to loop, so we control how quickly requests are sent
let index = 0;
let interval = setInterval(function() {
assignTask(unassignedTasks[index].gid, shuffledDesigners[index % numDesigners]);
index++;
// When our index reaches the end, we're done
if (index >= unassignedTasks.length) {
clearInterval(interval);
console.log("You've assigned " + unassignedTasks.length + " new design requests");
}
}, delay);
}
Then we just need to call our getUnassignedTasks function to kick-off the script:
getUnassignedTask();
Now run your script, sit back, and watch the bot do your work.
$ node app.js
Why build a bot?
When processes get complex in Asana there can begin to be work about work. This could be happening to you (or someone you love) if you find yourself spending time doing repetitive work such as triaging tasks, reminding people to do something, or adding/removing followers as you move a task through a workflow.
What we’re going to build
In this guide, we will build a simple triage bot that will assign tasks. This is a common Asana use case with support inboxes or request projects.
If you want to skip ahead and see the code for the triage bot, it’s on Github in the Javascript folder of our devrel-examples repo.
For this guide, let’s suppose a design team has a requests project where people from the marketing team fill out an Asana form to request graphics from the design team. The form creates a task in the design requests project that needs to be assigned to a designer.
Our triage bot will gather all unassigned tasks in the design request project and then randomly distribute the requests across a group of designers.
For the purposes of this guide, we will keep it this simple, however, you could add more complex logic to your bot. For instance, you could check custom field values on the request task to see what type of request it is (e.g. video, graphic, logo, etc.) and then assign it to the designer that has those skills. You could go even further and check the designers workload to see who currently has the least amount of work already assigned to them (this could be determined by a point value for tasks assigned to them in the project). You could then have the bot ping the design request task as it approaches the due date to ensure that the designer will have it completed on deadline.
Helpful links
Before we get started, here are some helpful links for building on the Asana API:
- Asana API reference docs
- Asana longform documentation
- Asana developer community -- if you get blocked or have a question about the API, there are devs in our community that are eager to help. We also post API updates and news to the community forum.
- The code for this bot on Github
Create your bot user in Asana
Create a new Asana account for your bot (instructions for inviting users). You want to create a distinct Asana account for your bot because any action it takes in Asana will be attributed to this user. Give your bot a name and photo that will be recognizable to users in Asana that encounter it. Note that if your bot is a guest member in Asana that it will need to be added to every project you need it to work in. Bots based on guest Asana accounts will also not have access to some API features such as defining new custom fields or modifying their settings.
Authenticating your bot
We will authenticate our bot using a Personal Access Token (PAT). Log in to the Asana account that will be used for the bot and navigate to the developer console. You can get to your dev console by either using this URL https://app.asana.com/-/developer_console or from within Asana by clicking your photo icon in the upper right of Asana -> My Profile Settings -> Apps -> Manage Developer Apps.
Next, click “+ New access token” and follow the instructions to get your token. Treat this token like a username and password. Don’t share it with anyone and never publish it to a public repository. I like to save my PAT as an environment variable (here are instructions on how to do this on Mac). For this guide, I’ve saved a PAT as an env variable called triage_bot_pat
.
Create an Asana sandbox
Before we start coding, create a project in Asana to use as a sandbox. While not required, I like to set the project to private while developing. To get some users in the project, add your main Asana user as well as your bot account. You could also invite a personal email as a guest user.
Choose an Asana client library
The Asana API has SDKs in several popular languages. For most developers, we recommend using one of our client libraries because they help with some of the complexities of using an API such as authentication, pagination, and deprecations.
For this guide, we will use the Asana Node client library, however, you can follow along in any language of your choice.
Each library has an examples folder in addition to the readme, which can be helpful for getting started. The methods for each resource can be found in the “gen” folder of each client library (e.g. node-asana/lib/resources/gen/).
Now head over to the top of the right pane to start coding your bot ----->
Congratulations! Now go above and beyond
You’ve created an Asana triage bot. Let’s explore a few ideas on how to make it even better.
Deploy your app
While you can run your bot from the command line, that seems like a lot of work to run a bot that’s supposed to eliminate work about work.
One option is to use launchd to automatically execute your script (launchd is like cron but better). Here’s a tutorial to get you started with launchd.
The next step would be to deploy to a hosted server. Here’s a guide exploring some of the popular hosting providers. Hosting your app makes it more resilient and allows you to create more sophisticated apps (e.g. use webhooks).
Use Asana as your config file
To take your bot’s accessibility to the next level, put your configuration in an Asana task(s) and then have your script read that task(s) for instructions. This allows you (or anyone else) to make config changes without touching any code. For example, if a designer is on vacation, you can easily remove them from the group that gets assigned requests. Similarly, if a designer joins or leaves the team, this change could be easily configured in a task instead of having to change the bot’s code.
To see this approach in the wild, checkout Ohmega, an automation framework we created. Here’s the configuration service that reads a tree of tasks for its configuration.
Use webhooks for real-time triaging
If you need your bot to react to changes in real time, then you’ll need to use webhooks. We built a python webhook inspector to help developers get started using Asana webhooks.
Other bot examples
Reminder bot
Even the most conscientious and best-intentioned teammate can get overloaded and occasionally forget a task. For project managers, team leads, or coordinators, it can be draining to check-in on everyone to make sure that everything is going according to schedule. How can you stay on track and minimize the work-about-work?
Instead of continually reminding teammates to stay focused, use Asana’s API to create a bot for automatic reminders (a bot is a script that performs a task automatically). In this case, a "ping bot" takes action when due dates are approaching (or for any other specified trigger). This can act as a more intelligent version of the reminders that Asana already sends when due dates approach. For example, this persistent friend could comment with reminders further in advance, ask assignees or followers to take some action like setting a custom field, re-assign the work, and/or push out due dates. With a bot taking care of the schedule and reminders, people can spend their time on the work that needs human attention, like ideation and feedback.
Recruiting bot
At Asana, we use a bot to help automate the process for evaluating engineering candidates. The bot helps ensure that applicant coding tests are graded in a timely manner by the right engineer.
When candidates have submitted their coding test, the bot uses the Asana API to assign the test to a grader based on specific criteria tracked in Asana, such as their preferred programming languages and number of previous evaluations. Graders are given x days to grade tests (the bot takes into account when graders are out of office). If tests have not been graded by the due date, graders are pinged by the bot with a comment on the task to either grade the test or re-assign it to someone else. After y days, the bot automatically re-assigns the test to the next grader to keep the process moving.
Bugs bot
Our engineering teams handle triaging bug reports by creating a task in a "Bugs" project. A bot then adds the project manager of the relevant team in Asana as a follower, moves the task into a "needs triage" section, and requests assistance. The project manager can then evaluate the bug and triage it.
Since the evaluation of the severity of the bug is important for understanding how urgent the fix is, Bugs Bot will remain persistent, commenting every few days until the task has been moved out of the triage section and into a section of the relevant priority. This process ensures that we're aware of the impact of bugs and helps us avoid severe bugs slipping through the cracks.
Official Client Libraries
Asana is committed to making the developer experience as smooth as possible. Part of this effort is providing high-quality libraries you can use to access the API. The available libraries are listed below, and more are in development. If you don't see what you need, check the open-source community for your platform, and let us know that you'd like to find one here!
JavaScript (Node)
npm install asana
For use in the Node server-side JavaScript runtime.
Installation: Install with npm
JavaScript (Browser)
<script src="asana-min.js"></script>
This is built our Node library, so you get the exact same interface.
Installation: Visit the releases page to download the latest full or minified JS bundle, then include the script in your web page.
Python
pip install asana
Installation: Install with pip
Ruby
gem install asana
Installation: Install with gem
Java
<dependency>
<groupId>com.asana</groupId>
<artifactId>asana</artifactId>
<version>0.10.1</version>
</dependency>
Installation: If you use Maven for dependency management simply include the following in your pom.xml.
PHP
"require": {
"asana/asana": "^0.10.0"
}
Installation: If you use Composer to manage dependencies you can include the "asana/asana" package as a dependency.
Workflow Apps Overview
Requires an App Server.
Workflow Apps can display customized widgets, forms, and rules within Asana's UI.
Requests go from Asana directly to an App's server. The App Server controls
the information within these customized widgets, and the App Server controls what
happens when a User takes actions within these components.
We will cover the main Workflow App components here.
App Widget
Request to the App Server
https://app-server.com/widget?workspace=12345&task=23456&user=34567&locale=en&attachment=45678&asset=56789&expires=1602192507761&resource_url=https%3A%2F%2Fcompany.atlassian.net%2Fissue%2F1254
Response from the App Server
{
"template": "summary_with_details_v0",
"data": {
"title": "MSB-3 As a user, I see a flexible widget",
"subtitle": "Jira Cloud Story · Open in Jira Cloud",
"subicon_url": "https://jira.com/icons/subicon.png",
"footer": "Last updated in Jira Cloud 10 minutes ago",
"comment_count": 12,
"fields": [
{
"name": "Status",
"type": "pill",
"text": "In Progress",
"color": "blue"
},
{
"name": "Priority",
"type": "value_with_icon",
"icon_url": "https://jira.com/icons/priority_highest.png",
"text": "Highest"
},
{
"name": "Assignee",
"type": "value_with_icon",
"icon_url": "https://jira.com/avatars/rhian.png",
"text": "Rhian Sheehan"
}
]
}
}
An App Widget displays external data within Asana. The contents of a
widget may change, but the overall format stays consistent across apps.
Apps can control what layout they prefer by supplying their preferred
template
. You can see the available templates in the Enumerated Values
section of response schema.
The App Server controls the content of this widget. When an Asana user's browser navigates to a widget, Asana sends a request to the registered App Server. As long as the response from the server is valid (like the example on the right), the widget will display.
Example URL attachment Request
{
"data": {
"resource_subtype": "external",
"name": <string>,
"url": <valid_url_string>,
"app_identifier": <string>
}
}
How does Asana determine when a widget should be shown? When a task is opened in
Asana, it checks each attachment on the task. If an attachment has a url
that fits with an App's registered match url
(ex: https:\/\/.*.atlassian.net\/.*
)
then it shows a widget. A GET request is sent to the App's widget url
, including
URL parameters like task
, user
, and workspace
.
Related References:
Upload Attachment >> To create a url attachment via the API (See sample on the right).
App Form
Request to the App Server
https://app-server.com/form?workspace=12345&task=23456&user=34567&locale=en&expires=1602192507761
Response from the App Server
{
"title": "Create New Issue",
"on_submit_callback": "https://app-server.com/actions/create",
"submit_button_text": "Create Issue",
"fields": [
{
"type": "single_line_text",
"name": "summary",
"title": "Summary",
"value": "",
"placeholder": "Enter some text",
"width": "full",
"required": true
},
{
"type": "rich_text",
"name": "description",
"title": "Description",
"value": "",
"placeholder": "",
"required": true
},
{
"type": "typeahead",
"name": "jira-project",
"title": "Jira project",
"value": "",
"placeholder": "Search Jira for a project...",
"required": true,
"typeahead_url": "https://app-server.com/jira/project/typeahead",
},
{
"type": "checkboxes",
"name": "attachments",
"required": false,
"options": [
{
"id": "shouldIncludeAttachments",
"label": "Attach files from this Asana task"
}
]
}
]
}
An App Form allows users to fill out a dynamic app-controlled list of fields. The # of fields can range from 0-20. Once a form is submitted, the information is sent to the App Server and Asana will perform different functionality depending on what they responded with. If the App wants to cause additional changes within Asana, the App Server will need to make the changes via the API.
An advanced feature of App Forms is live on_change
events. While a user is filling out a form,
the App Server can receive on_change
requests. These requests include what the user has changed, and
allow the App Server to respond with an updated form. Apps can build complex branching logic depending
on changes a user makes.
To take advantage of on_change
events, you'll supply a list of watched_fields
and an endpoint to hit with updates.
See the on_change
field in the response to the
form metadata request. The request sent to that
endpoint is the On change callback request.
Related References:
Resource Search
Request to the App Server
https://app-server.com/resource-search?fragment=Cool&workspace=12345&task=23456&user=34567&locale=en&expires=1602192507761
Response from the App Server
{
"items": [
{
"title": "Cool project!!!",
"subtitle": "CP",
"value": "CP",
"icon_url": "https://jira.com/cool_project_icon.png"
},
{
"title": "Cool Team PF",
"subtitle": "OTP",
"value": "OTP",
"icon_url": "https://jira.com/some_project_icon.png"
}
]
}
App Forms supports typeahead fields. To use these, a typeahead field must be declared within the
form. When a user types in that field, a request will be sent to the typeahead_url
. The App Server then responds with
the applicable objects for their query. The App Server entirely determines what queries mean and how to handle them.
Related References:
App Action
Request to the App Server
https://app-server.com/rule?workspace=12345&project=23456&action_type=45678&action=56789&user=34567&locale=en&expires=1602192507761
Response from the App Server
{
"on_submit_callback": "https://app-server.com/slack/action/onsubmit",
"on_change": {
"on_change_callback": "https://app-server.com/slack/action/onchange",
"watched_fields": [
"typeahead_full_width"
]
},
"fields": [
{
"title": "Choose a channel",
"type": "typeahead",
"id": "typeahead_full_width",
"required": true,
"typeahead_url": "https://app-server.com/slack/typeahead"
},
{
"title": "Write a message",
"type": "rich_text",
"name": "description",
"required": true
}
]
}
An App Action allows users to customize app actions triggered by Asana's rule engine. They use the same functionality as
the App Form, as Asana requests a form definition from the App Server. The app controls the form
fields, handles on_change
events, and stores the inputs of the form. When a rule is created, Asana sends a request to
the App Server with the user-specified inputs. When the rule is triggered, Asana sends an event to the App Server.
App actions are a part of Asana Rules.
Related References:
Workflow App Security
Workflow App Authorization
Authorization is handled by the app. When a Workflow App is added to a project, the user adding it is sent to the App's
authenticationUrl
. The App may perform OAuth with Asana, OAuth with a different app, perform both, or perform none!
As long as the app confirms the flow was complete, Asana will successfully add the app to the project. This will allow requests to be sent to the App's pre-defined endpoints.
If the App wants additional data from Asana or wants to make changes within Asana, they should have the user complete an OAuth flow against Asana (see https://developers.asana.com/docs/oauth).
Keep in mind, this authorization provides the App Server with a single user's auth token. Multiple users of Asana will hit the UI Hooks and send requests to the App Server, but the server will likely only have the token for 1 user. It might be a good idea to suggest users authenticate with a bot account.
Workflow App Message Integrity
Message integrity is provided by a SHA-256 HMAC signature on the contents of the request. This is URL parameters in the case of GET requests and a JSON blob in the case of a POST request. The signature is transmitted via a header. The app calculates the same signature and compares that to the value in the header, rejecting the request if the two do not match. The signature must be on the exact parameter string that will be passed to the app because the signature will change if something as trivial as spacing changes.
The burden of verifying the request is on the app. Without this check, attackers can send requests to the App Server pretending to be Asana.
Workflow App Timeliness
Timeliness is provided by the addition of an expiration parameter. If this parameter were not added then a request recorded, such as in logs, could be reused to continue to request information from the app at a later time.
The burden of verifying the request has not expired is on the app. Without this check, the App Server is vulnerable to replay attacks.
Workflow Apps
Sample of a full Workflow App definiton
{
identifier: "jira",
name: "Jira Cloud",
description: "Short description of the app.",
extendedDescription: "A long description of the functionality of the app and the value it provides for users.",
features: [
{
src: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/create.svg",
alt: "Create issue dialog",
text: "Kick off new work by creating Jira issues from Asana.",
},
{
src: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/sync.svg",
alt: "Syncing Jira Widget",
text: "Add issues to Asana tasks to sync the status from Jira.",
},
{
src: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/visibility.svg",
alt: "Person surrounded by issues",
text: "Add visibility for stakeholders to reduce status meetings.",
},
],
siteUrl: "https://jira-asana-integration.asana.com",
appDirectoryUrl: "https://www.asana.com/apps/jiracloud",
authenticationUrl: "https://jira-asana-integration.asana.com/auth",
icon: {
x32: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/jira_cloud_32.png",
x48: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/jira_cloud_48.png",
x64: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/jira_cloud_64.png",
x96: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/jira_cloud_96.png",
x192: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/jira_cloud_192.png",
},
logo: "https://abcdefghijklmnop.cloudfront.net/obj/56fd875687fa6875fda7f586dsa/Jira-full.png",
capabilities: [
{
type: "ResourceSearch",
resourceTypeaheadUrl: "https://jira-asana-integration.asana.com/project/typeahead",
resourceAttachUrl: "https://jira-asana-integration.asana.com/actions/attach"
},
{
type: "ResourceWidget",
widgetMetadataUrl: "https://jira-asana-integration.asana.com/issue/widget",
matchUrlPattern: "https:\\/\\/.*.atlassian.net\\/.*"
},
{
type: "CreateResource",
formMetadataUrl: "https://jira-asana-integration.asana.com/actions/form",
formOnChangeUrl: "https://jira-asana-integration.asana.com/actions/form/onchange",
formOnSubmitUrl: "https://jira-asana-integration.asana.com/actions/create",
},
],
authModalMetadata: {
title: "Drive visibility & transparency across teams",
subtitle: "Here's what you can do in Asana with the Jira Cloud app.",
buttonText: "Get started",
},
coachmarkText: "Add or create new Jira issues on any task in this project.",
actionsMenuTitle: "Add Jira Issue",
feedbackLink: "https://form-beta.asana.com?hash=6da775cf552078ee2299eda9309d22f32239aa29900b5b9330cd57891e7d6068&id=1148560723305775",
externalSupportUrl: "https://asana.com/guide/help/api/jira",
}
Currently, "Workflow Apps" are separate from "OAuth Apps". To create a Workflow App, you will need to create an OAuth App and request the Workflow App functionliaty onto it via the Create a UI Hook Alpha App form.
To create an oauth app, see Authentication Quick Start.
To create a Workflow App you'll need to fill out the Create a UI Hook Alpha App form with the data in the table below.
Field | Type | Description | |
description | String | A short description of the app shown in the app gallery. | |
extendedDescription | String | An extended description of the functionality of the app shown in the app settings. | |
features | Object | A list of feature descriptions used to illustrate the functionality of the app in marketing views. | |
siteUrl | String (url) | A URL which informs the Workflow App system where to make requests. | |
authenticationUrl | String (url) | A URL which informs the Workflow App system where to make requests for authenticating and authorizing users. This is called during installation or when the app returns a response indicating the user must authenticate to continue. | |
icon | Object | A collection of URLs pointing to icon assets of various sizes. Used to display icons of the app in the Asana UI. Note: This field is experimental. We may move to managing uploading and displaying these assets instead of allowing developers to specify them as a url in the app definition. | |
capabilities | Object | A list of Workflow App capabilities supported by the app and their configuration. | |
logo | String (url) | A link to the image of the App logo. Appears in the app installation modal | |
authModalMetadata | Object | Information about the text displayed in the auth modal | |
coachmarkText | String | Text displayed to new users to inform them about the app’s capabilities. | |
actionsMenuTitle | String | Text displayed in the app field in the task pane | |
feedbackLink | String (url) | Link to a form for collecting feedback about the app. | |
externalSupportUrl | String (url) | Link to page where users can learn more about the app, access detailed setup instructions, or get support. |
Once your app is submitted, an Asana Developer will enable your app and notify you via email when it's ready to use.
Workflow Apps Quickstart
Have an App Server running locally (or remotely)
Asana will assume your server is running locally at localhost:5000/
. You should log the request body and url for all
requests to your to help get everything setup. For each PlatformUI feature you want to use, you'll need to add some
paths. You are in charge of what each path looks like, but here are some provided example paths you can use for now.
Add these paths for each feature you want:
widgetMetadataUrl
(ex:GET http://localhost:5000/resource/widget/metadata
)
resourceAttachUrl
(ex:GET http://localhost:5000/resource/attach
)
formMetadataUrl
(ex:GET http://localhost:5000/resource/create
)- One or more
typeahead_url
s (ex:GET http://localhost:5000/users/typeahead
). You'll need different urls for different types of results, like users vs tickets.
One or more Automation/App Actions
form_metadata_url
(ex:GET http://localhost:5000/automation/action/metadata
)run_action_url
(ex:POST http://localhost:5000/automation/action
)
You will provide Asana these paths in the next step.
Register a Workflow App App
First, complete the Create a UI Hook Alpha App described in the Workflow App Section. Here is a cheat-sheet for what data you need to provide:
authenticationUrl
&authModalMetadata
is only required if your app needs access to the Asana API and/or needs to oauth with a different application. If you plan to use Asana's API, create an OAuth App via the Developer Console. The URL you place inauthenticationUrl
should be something likehttps://localhost:5000/auth
. This url should redirect users to the User Authorization Endpoint with the required url parameters for OAuth.resource_widget
is required if you want to display an App Widget. Widgets are displayed for connected resources. For thematchUrlPattern
, you can placehttp:\\/\\/.*.localhost:5000\\/.*
for now.resource_search
is required if you want type in functionality to connect an external resource to an asana task.create_resource
is required if you want to use the App Form. The App Form submits data that should be used to create an external resource.automation
is required if you want to connect your app to Asana Automation.
Once your app is submitted, an Asana Developer will enable your app and notify you via email when it's ready to use.
Install your app in a project
Login with your user and ensure you're in your sandbox domain (The one you provided in the register form). Open or create an Asana project and open it.
Note, you may need to use the "Customize" dropdown instead.
In the top right, hit "Apps" -> "Add apps". Scroll until you locate your app. Hit install. At this point one of two things happened:
- The button now says "Installed" or "Uninstall". If so, you can close this window and continue.
- A new modal popped up. If this happened, an iframe was opened and redirected to your
authenticationUrl
. If your OAuth is set up properly, you should be able to complete this flow.- If the flow completes but the window doesn't close, ensure the last step of your oauth sends a
postMessage
with the message "success". The origin of this message should be set to the url of the app server.
- If the flow completes but the window doesn't close, ensure the last step of your oauth sends a
If your app installed successfully, you should now open a task. Create one if you need to.
Right when you open a Task, Asana looks at all of the attachments on the task. If any of the attachments match your
matchUrlPattern
regex, Asana will display a widget. At this point, it's unlikely you have an attachment ready to go,
so lets attach one now.
On the task pane, there should be a new field for your app with a dropdown next to it. Click the dropdown and you will see options for Search and Create. Create will open the form in a modal, Search will allow you to type in a query which is sent to your Attach endpoint.
Form Basics
GET http://localhost:5000/resource/create
{
"title": "My Form",
"on_submit_callback": "http://localhost:5000/resource",
"submit_button_text": "Create"
}
Let's hit the Create
option and check the logs for our server. You should have seen a request to your create_resource
url. This request tells Asana what fields to display here. For now, you should change your server to respond with
the "My Form" example on the right. You can add more to this by referencing the
Resource Form Reference.
Once you've made the change, close and re-open the modal. You should see something new! (If you don't try debugging
http://localhost:5000/resource/create
with Postman)
Try hitting "Create", and depending on your server, you may get an error here. This is expected, ad you still need to
create an endpoint for http://localhost:5000/resource
. Different errors cause different things to happen (For
example, if your server returns a 401
, the UI will try to reauthorize with your app!). Either change your form to
point to a url you have already defined (perhaps your resourceAttachUrl
) or define a new endpoint for this request.
POST http://localhost:5000/resource/attach
{
"resource_name": "My Attachment",
"resource_url": "https://localhost:5000/attachments/123456789"
}
The intention of the form modal is for a user to provide enough information to create the resource on the App Server. If
a user prefers to connect via search, they'll instead hit your resourceAttachUrl
with a url param named
value
. value
is usually the id or name of the resource they want to connect to. For example, some of our server's
/resource/attach
endpoints handle both typeahead attachments and new resources via forms. You're in charge of what
your urls look like and handle.
Whatever endpoint you use for the form, change it to return the "My Attachment" example on the right (or something
similar). The important part here is the resource_url
. Your matchUrlPattern
regex should match against it if you
want your widget to show up. Earlier, this guide suggested you place http:\\/\\/.*.localhost:5000\\/.*
as your regex.
If you followed that, provide a resource_url
that matches it, like http://test.localhost:5000/test_attachment
.
Open the form again (if needed), and hit "Create". Your response tells Asana to add an attachment to the Task. This new
attachment matches your matchUrlPattern
so Asana will try to load the Widget.
Widget Basics
GET http://localhost:5000/resource/widget/metadata
{
"template": "summary_with_details_v0",
"data": {
"title": "My Widget",
"subtitle": "Still My Widget",
"footer": "Also My Widget"
}
}
You can think of the widget as an "advanced attachment". Asana evaluates each attachment and displays a widget if the
resource_url
matches any installed app's matchUrlPattern
. When a match occurs, Asana hits the corresponding app's
widgetMetadataUrl
with some parameters to help the app identify what to display (See the full
Resource Widget Reference.
Change your widgetMetadataUrl
path on your server to return the "My Widget" example on the right. Once you restart
your server, refresh Asana.
You should now see this Widget on the right. This guide has you faking all of the data currently, but there's an attachment on the Asana task that tells Asana to hit your server with information about the task. Your server is giving Asana the data to display in the widget. Clicking on the widget will take you to the attachment's url.
Typeahead Basics
GET http://localhost:5000/resource/typeahead
{
"items": [
{
"title": "Item 1",
"subtitle": "Sub 1",
"value": "val-1",
"icon_url": "https://some-icon.png"
},
{
"title": "Item 2",
"subtitle": "Sub 2",
"value": "val-2",
"icon_url": "https://some-icon.png"
}
]
}
New Form
{
"title": "My Form",
"on_submit_callback": "http://localhost:5000/resource",
"submit_button_text": "Create",
"fields": [
{
"type": "typeahead",
"name": "example_typeahead",
"title": "Example Typeahead",
"placeholder": "Search your app for an object",
"required": true,
"typeahead_url": "https://jira-asana-integration.asana.com/user/typeahead",
}
]
}
Lets add a functioning typeahead. Change your resourceTypeaheadUrl
response to return the "items" example on the
right. Additionally, change your Restart your server, refresh your Asana tab. Nothing will have changed! In order to see this typeahead in action,
you'll need to remove the currently connected resource. You can do this by hitting the x on the corresponding
attachment or using the kabob menu (three dots) on the top right of the widget.
Once you remove the attachment, you'll need to open click the dropdown you hit earlier in this guide, but this time use the typeahead option.
Pick either one of your results. Either way, they will hit the resourceAttachUrl
. As long as that URL returns a valid
resource, a new attachment will be made and attached. Your widget should return!
Automation Basics
GET http://localhost:5000/automation/action/metadata
{
"on_submit_callback": "http://localhost:5000/automation/submit",
"fields": [
{
"title": "[Single Line Text]",
"type": "single_line_text",
"id": "single_line_text_full_width",
"required": true,
"placeholder": "[full width]",
"width": "full"
}
]
}
POST http://not-localhost:5000/automation/action (localhost won't work here!)
{
"action_result": "resources_created",
"resources_created": [
{
"resource_name": "My Attachment",
"resource_url": "https://localhost:5000/attachments/123456789"
}
]
}
Automation is a little more complicated. If you understand how to customize and handle requests from the App Form, then you know how to handle the first part of automation as it works essentially the same. For this guide, go ahead and change your server to return the example jsons on the right.
The first step of automation is setting up a rule. When an Asana user is done creating the rule (filling in the fields you asked for), they will hit submit. That data is sent to your servers immediately, just like the modal form. Note that the automation has likely not fired yet.
Later on, when the automation fires, Asana will send different information to your server. Instead of including all
of the responses from the user again, Asana simply includes an id
of the action
and a target_object
.
In order for your app to fully understand what the automation is suppose to do, you will need to look up the
action
that the user setup in the first step. Asana does not save this information for you. This means you will need
a persistent data store to write & read this information.
Additionally, when a rule fires, the request is sent from Asana's servers. This means localhost will not work for debugging this (unless you setup a localhost proxy like ngrok).
Once your server is ready, follow the Asana Rules_Guide to create a rule. When choosing an action, you should select your app's action. These will only show up if the project has the app installed and you submitted app actions when you registered your Workflow App. You should see your customized form. Feel free to submit it and create the rule.
Sadly, you will be unable to test the action being triggered while hosting locally. To test this, deploy your server or setup something like ngrok to expose your localhost server.
Being Secure
function forAllRequests(req) {
let secret = getSecret();
stringToVerify = null;
if (req.verb === "POST") {
stringToVerify = req.body().toString();
} else if (req.verb === "GET") {
stringToVerify = req.url.query; // ?target=2421543&res...
}
let computedSignature = require("crypto").createHmac("sha256", secret)
.update(stringToVerify)
.digest("hex");
if (req.headers["X-Asana-Signature"] !== computedSignature) {
reject(req);
return;
}
let now = new Date();
if (now.getTime() > req.query["expires"]) {
reject(req);
return;
}
// Handle Request
}
If you deploy your server now, it will be vulnerable to attackers hitting your endpoints pretending to be Asana. In order to counter this, Asana includes a signature with each request. The signature is a SHA-256 HMAC of either the url params (for GET requests) or the json body (for POST requests) using a shared secret. Your app should verify this signature as shown in pseudocode on the right.
Additionally, your app should respect the timeliness of requests. Without this, attackers can replay requests to your server. This is also shown in the pseudocode on the right.
You should read the UI Hooks Security section before deploying anything to production.
Deploying
To deploy you'll need to host your localhost server to a full App Server.
- All of your urls need to change to the new hosted location (both in your app definition and your responses).
- We recommend hosting on AWS Lambda, Google Cloud Functions, or Microsoft Azure for reliable uptime and easy maintenance.
Publishing
Publishing is not available during the Alpha
Reach out to the DevS team when your app is ready to publish. You can use any avenue to do this or simply email devrel@asana.com with your app's email and the name of the app you wish to publish.
Workflow App Reference
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
This is the interface for handling requests for Workflow Apps. This reference is generated from an OpenAPI spec.
Base URLs:
Forms
GET /{form_metadata_url}
POST /{on_change_callback}
POST /{on_submit_callback}
The creation form is displayed when the user starts the flow to create a resource. Asana will make a signed request to the specified form_metadata_url in the capabilities, and expect a response with the metadata needed to create the form. This process is also used for forms within rules.
Get form metadata
Code samples
curl -X GET {siteUrl}/{form_metadata_url} \
-H 'Accept: application/json'
200 Response
{
"error": "Create New Issue",
"fields": [
{
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
],
"on_change": {
"on_change_callback": "https://app-server/form/onchange",
"watched_fields": [
"description"
]
},
"on_submit_callback": "www.example.com/on_submit",
"submit_button_text": "Create New Issue",
"title": "Create New Issue"
}
See Input/Output Options to include more fields in your response.
GET /{form_metadata_url}
Get the metadata from the App Server to render a form.
Parameters
Name | Description | |
?workspace undefined | The workspace gid this hook is coming from. | |
?task undefined | The task gid this hook is coming from. | |
?user undefined | The user gid this hook is coming from. | |
?locale undefined | The locale of the user (i.e. en, fr) | |
?expires undefined | The time in milliseconds since epoch time when the request should expire |
Responses
Status | Description | ||||
200 FormMetadata | Successfully retrieved the metadata for a single form. | ||||
↓ Show Common Responses ↓ |
On change callback
Code samples
curl -X POST {siteUrl}/{on_change_callback} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"changed_field": "string"
}
200 Response
{
"error": "Create New Issue",
"fields": [
{
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
],
"on_change": {
"on_change_callback": "https://app-server/form/onchange",
"watched_fields": [
"description"
]
},
"on_submit_callback": "www.example.com/on_submit",
"submit_button_text": "Create New Issue",
"title": "Create New Issue"
}
See Input/Output Options to include more fields in your response.
POST /{on_change_callback}
The callback request made to an App Server when a watched field's value changes within a form.
Parameters
Name | Description | |
body object required | Request to notify of an on change event. |
Responses
Status | Description | ||||
200 FormMetadata | Successfully returned the new state of the form. | ||||
↓ Show Common Responses ↓ |
On submit callback
Code samples
curl -X POST {siteUrl}/{on_submit_callback} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"expires": "string",
"locale": "string",
"task": "string",
"user": "string",
"values": {
"property1": {
"field_name": "string",
"field_object": {
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
},
"property2": {
"field_name": "string",
"field_object": {
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
}
},
"workspace": "string"
}
200 Response
{
"resource_name": "Build the Thing",
"resource_url": "https://example.atlassian.net/browse/CP-1"
}
See Input/Output Options to include more fields in your response.
POST /{on_submit_callback}
The callback request made to an App Server when a form is submitted.
Parameters
Name | Description | |
body object required | Request to notify of a form submission. |
Enumerated Values
Parameter | Value | |
type | single_line_text | |
type | multi_line_text | |
type | rich_text | |
type | static_text | |
type | dropdown | |
type | checkboxes | |
type | date_input | |
type | date_time_input | |
type | typeahead | |
width | full | |
width | half |
Responses
Status | Description | ||||
200 AttachedResource | Successfully attached the resource created by the form. | ||||
↓ Show Common Responses ↓ |
Rules
POST /{run_action_url}
GET /{metadata_url}
POST /{action.on_change_callback}
POST /{action.on_submit_callback}
When a rule containing an app action is triggered, the Rules Engine will make a Workflow App request to the app to inform the app to run the configured app action. The resulting status code will indicate to the Rules Engine whether the action was successfully completed and, if not, specify a cause for the error.
Run action
Code samples
curl -X POST {siteUrl}/{run_action_url} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"action_type": "string",
"expires": "string",
"locale": "string",
"target_object": "string",
"task": "string",
"user": "string",
"workspace": "string"
}
200 Response
{
"action_result": "resources_created",
"resources_created": [
{
"resource_name": "Build the Thing",
"resource_url": "https://example.atlassian.net/browse/CP-1"
}
]
}
See Input/Output Options to include more fields in your response.
POST /{run_action_url}
The request made when an action is triggered.
Parameters
Name | Description | |
body object required | Request to notify of an action running. |
Responses
Status | Description | ||||
200 RanAction | Successfully attached the resource created by the form. | ||||
410 None | Gone | ||||
↓ Show Common Responses ↓ |
Get action metadata
Code samples
curl -X GET {siteUrl}/{metadata_url} \
-H 'Accept: application/json'
200 Response
{
"error": "Create New Issue",
"fields": [
{
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
],
"on_change": {
"on_change_callback": "https://app-server/form/onchange",
"watched_fields": [
"description"
]
},
"on_submit_callback": "www.example.com/on_submit",
"submit_button_text": "Create New Issue",
"title": "Create New Issue"
}
See Input/Output Options to include more fields in your response.
GET /{metadata_url}
When a user has navigated to the Custom Rule Builder UI and selected an App Action (either through the sidebar or via a Rule Preset), Asana will make a Workflow App request to the app to get the configuration form definition for the chosen app action. This will initiate the flow to configure a new app action or edit the configuration of an existing app action. This is the endpoint and schema for updating app actions; app triggers (V2) will be analogous.
Parameters
Name | Description | |
?action undefined | The asset id of the asset containing the URL attachment | |
?action_type undefined | The id of the configuration used to create the app action | |
?workspace undefined | The workspace gid this hook is coming from. | |
?task undefined | The task gid this hook is coming from. | |
?user undefined | The user gid this hook is coming from. | |
?locale undefined | The locale of the user (i.e. en, fr) | |
?expires undefined | The time in milliseconds since epoch time when the request should expire |
Responses
Status | Description | ||||
200 FormMetadata | Successfully retrieved the metadata for a single action. | ||||
418 None | Unauthorized | ||||
↓ Show Common Responses ↓ |
On action change callback
Code samples
curl -X POST {siteUrl}/{action.on_change_callback} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"action": "string",
"action_type": "string",
"changed_field": "string"
}
200 Response
{
"error": "Create New Issue",
"fields": [
{
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
],
"on_change": {
"on_change_callback": "https://app-server/form/onchange",
"watched_fields": [
"description"
]
},
"on_submit_callback": "www.example.com/on_submit",
"submit_button_text": "Create New Issue",
"title": "Create New Issue"
}
See Input/Output Options to include more fields in your response.
POST /{action.on_change_callback}
The callback request made to an App Server when a watched field's value changes within an action form.
Parameters
Name | Description | |
body object required | Request to notify of an on change event. |
Responses
Status | Description | ||||
200 FormMetadata | Successfully returned the new state of the form. | ||||
↓ Show Common Responses ↓ |
On action submit callback
Code samples
curl -X POST {siteUrl}/{action.on_submit_callback} \
-H 'Content-Type: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"action": "string",
"action_type": "string",
"expires": "string",
"locale": "string",
"rule_name": "string",
"task": "string",
"user": "string",
"values": {
"property1": {
"field_name": "string",
"field_object": {
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
},
"property2": {
"field_name": "string",
"field_object": {
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
}
},
"workspace": "string"
}
POST /{action.on_submit_callback}
The form is submitted when the user chooses to create their Rule. Asana will create the app action data model object and make a signed request to the on_submit_callback specified in the form metadata returned from the fetch/update app rule form endpoints. Information about the created app action should be included in the response if it was successfully created. This is the endpoint and schema for updating app actions; app triggers (V2) will be analogous.
Parameters
Name | Description | |
body object required | Request to submit an action form. |
Enumerated Values
Parameter | Value | |
type | single_line_text | |
type | multi_line_text | |
type | rich_text | |
type | static_text | |
type | dropdown | |
type | checkboxes | |
type | date_input | |
type | date_time_input | |
type | typeahead | |
width | full | |
width | half |
Responses
Status | Description | ||||
200 None | Successfully handled form submission. | ||||
↓ Show Common Responses ↓ |
Typeahead - Workflow Apps
GET /{typeahead_url}
Each typeahead form field contains a typeahead_url to fetch typeahead options based on input text. While the user inputs text into the field, Asana will periodically (every 700ms) send signed requests to the typeahead_url and expect responses with lists of items matching the given input.
Typeahead (UI)
Code samples
curl -X GET {siteUrl}/{typeahead_url} \
-H 'Accept: application/json'
200 Response
{
"items": [
{
"icon_url": "https://example-icon.png",
"subtitle": "OTP",
"title": "OTP Team PF",
"value": "OTP"
}
]
}
See Input/Output Options to include more fields in your response.
GET /{typeahead_url}
The typeahead request made to an App Server when a typeahead field changes.
Parameters
Name | Description | |
?fragment undefined | The text entered into the typeahead input | |
?workspace undefined | The workspace gid this hook is coming from. | |
?task undefined | The task gid this hook is coming from. | |
?user undefined | The user gid this hook is coming from. | |
?locale undefined | The locale of the user (i.e. en, fr) | |
?expires undefined | The time in milliseconds since epoch time when the request should expire |
Responses
Status | Description | ||||
200 Inline | Successfully attached the resource created by the form. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 200
Name | Description | |
items [TypeaheadItem] | [An object describing a typeahead result] | |
icon_url string | The URL of the icon to display next to the title | |
subtitle string | The subtitle of the typeahead item | |
title string | The title of the typeahead item | |
value string | The value of the typeahead item |
Widgets
GET /{widget_metadata_url}
POST /{resource_attach_url}
The widget is displayed when the user views a task with an attachment with a resource URL matching your capability’s match_url_pattern. When this happens, Asana will make a signed request to your widget_metadata_url, and expect a response with information to build the widget.
Get widget metadata
Code samples
curl -X GET {siteUrl}/{widget_metadata_url} \
-H 'Accept: application/json'
200 Response
{
"data": {
"comment_count": 2,
"fields": [
{
"color": "gray",
"icon_url": "https://example-icon.png",
"name": "Status",
"text": "To Do",
"type": "pill"
}
],
"footer": "Last updated 19 hours ago",
"subicon_url": "https://example-icon.png",
"subtitle": "Custom App Story · Open in Custom App",
"title": "Status"
},
"template": "summary_with_details_v0"
}
See Input/Output Options to include more fields in your response.
GET /{widget_metadata_url}
Get the metadata from the App Server to render a widget.
Parameters
Name | Description | |
?resource_url undefined | The URL of the URL attachment on the task (i.e. Jira issue, Github pull request) | |
?workspace undefined | The workspace gid this hook is coming from. | |
?task undefined | The task gid this hook is coming from. | |
?user undefined | The user gid this hook is coming from. | |
?locale undefined | The locale of the user (i.e. en, fr) | |
?attachment undefined | The attachment id of the URL attachment | |
?asset undefined | The id of an existing app action that is being edited. Should be omitted when configuring a new app action. | |
?expires undefined | The time in milliseconds since epoch time when the request should expire |
Responses
Status | Description | ||||
200 WidgetMetadata | Successfully retrieved the metadata for a single widget. | ||||
418 None | Unauthorized | ||||
↓ Show Common Responses ↓ |
Attach resource
Code samples
curl -X POST {siteUrl}/{resource_attach_url} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"asset": "string",
"attachment": "string",
"expires": "string",
"locale": "string",
"task": "string",
"user": "string",
"value": "string",
"workspace": "string"
}
200 Response
{
"resource_name": "Build the Thing",
"resource_url": "https://example.atlassian.net/browse/CP-1"
}
See Input/Output Options to include more fields in your response.
POST /{resource_attach_url}
When the user attaches a resource URL to a task, Asana will make a signed request to the specified resource_attach_url in the capabilities. Information about the attached resource should be included in the response.
Parameters
Name | Description | |
body object required | Request to attach a resource. |
Responses
Status | Description | ||||
200 AttachedResource | Successfully attached the resource to the given object. | ||||
↓ Show Common Responses ↓ |
Workflow App Schemas
The schema definitions for each object requested or returned from Asana's API. Some fields are not returned by default and you'll need to use Input/Output Options to include them.
AttachedResource
{
"resource_name": "Build the Thing",
"resource_url": "https://example.atlassian.net/browse/CP-1"
}
The response to a successful attach request.
Properties
Name | Description | |
resource_name string | The name of the attached resource | |
resource_url string | The URL of the attached resource |
FormMetadata
{
"error": "Create New Issue",
"fields": [
{
"error": "Maximum description length is 256 characters",
"id": "item-description",
"options": [
{
"icon_url": "some-icon.png",
"id": "opt-in",
"label": "Opt in to emails."
}
],
"placeholder": "Type description here...",
"required": true,
"title": "Item Description",
"type": "single_line_text",
"value": "It's over 9000",
"width": "full"
}
],
"on_change": {
"on_change_callback": "https://app-server/form/onchange",
"watched_fields": [
"description"
]
},
"on_submit_callback": "www.example.com/on_submit",
"submit_button_text": "Create New Issue",
"title": "Create New Issue"
}
Contains the metadata that describes how to display and manage a form
Properties
Name | Description | |
error string | The error that should be displayed at the footer of the creation form | |
fields [object] | An array of FormField objects that are rendered in the order they are in the array. | |
on_change object | Contains the information to handle whenever watched form fields are changed | |
on_submit_callback string | The URL to POST the form to when the user clicks the submit button. If this is field is omitted then the submission button will be disabled. This is useful if the user must enter information in a watched field first, such as to show additional fields. | |
submit_button_text string | The text to display on the form’s submit button. If not provided, the default text “Submit” will be displayed on the button. | |
title string | The title of the form, which is displayed at the top of the creation form |
Enumerated Values
Property | Value | |
type | single_line_text | |
type | multi_line_text | |
type | rich_text | |
type | static_text | |
type | dropdown | |
type | checkboxes | |
type | date_input | |
type | date_time_input | |
type | typeahead | |
width | full | |
width | half |
RanAction
{
"action_result": "resources_created",
"resources_created": [
{
"resource_name": "Build the Thing",
"resource_url": "https://example.atlassian.net/browse/CP-1"
}
]
}
The response to an action request.
Properties
Name | Description | |
action_result string | Specifies any additional information that the app wants to send to Asana on completion of the action. | |
resources_created [object] | A field with the data corresponding to the action_result value. Each action_result has its own data field shape that Asana expects. resources_created expects the name and url of the resources that the action created. |
Enumerated Values
Property | Value | |
action_result | resources_created | |
action_result | ok |
TypeaheadItem
{
"icon_url": "https://example-icon.png",
"subtitle": "OTP",
"title": "OTP Team PF",
"value": "OTP"
}
An object describing a typeahead result
Properties
Name | Description | |
icon_url string | The URL of the icon to display next to the title | |
subtitle string | The subtitle of the typeahead item | |
title string | The title of the typeahead item | |
value string | The value of the typeahead item |
WidgetMetadata
{
"data": {
"comment_count": 2,
"fields": [
{
"color": "gray",
"icon_url": "https://example-icon.png",
"name": "Status",
"text": "To Do",
"type": "pill"
}
],
"footer": "Last updated 19 hours ago",
"subicon_url": "https://example-icon.png",
"subtitle": "Custom App Story · Open in Custom App",
"title": "Status"
},
"template": "summary_with_details_v0"
}
An object containing information about the widget
Properties
Name | Description | |
data object | none | |
template string | none |
Enumerated Values
Property | Value | |
color | none | |
color | red" | |
color | orange | |
color | yellow-orange | |
color | yellow | |
color | yellow-green | |
color | green | |
color | blue-green | |
color | aqua | |
color | blue | |
color | indigo | |
color | purple | |
color | magenta | |
color | hot-pink | |
color | pink | |
color | cool-gray | |
type | pill | |
type | icon | |
template | summary_with_details_v0 |
API Reference
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
This is the interface for interacting with the Asana Platform. Our API reference is generated from our OpenAPI spec.
Base URLs:
Attachments
GET /attachments/{attachment_gid}
DELETE /attachments/{attachment_gid}
GET /tasks/{task_gid}/attachments
POST /tasks/{task_gid}/attachments
An attachment object represents any file attached to a task in Asana, whether it’s an uploaded file or one associated via a third-party service such as Dropbox or Google Drive.
Get an attachment
Code samples
curl -X GET https://app.asana.com/api/1.0/attachments/{attachment_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {
"gid": "12345",
"resource_type": "attachment",
"name": "Screenshot.png",
"resource_subtype": null,
"created_at": "2012-02-22T02:06:58.147Z",
"download_url": "https://s3.amazonaws.com/assets/123/Screenshot.png",
"host": "dropbox",
"parent": {
"gid": "12345",
"resource_type": "task",
"name": "Bug Task"
},
"view_url": "https://www.dropbox.com/s/123/Screenshot.png"
}
}
See Input/Output Options to include more fields in your response.
GET /attachments/{attachment_gid}
Get the full record for a single attachment.
Parameters
Name | Description | ||||
/attachment_gid string required | Globally unique identifier for the attachment. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Attachment | Successfully retrieved the record for a single attachment. | ||||
↓ Show Common Responses ↓ |
Delete an attachment
Code samples
curl -X DELETE https://app.asana.com/api/1.0/attachments/{attachment_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {}
}
See Input/Output Options to include more fields in your response.
DELETE /attachments/{attachment_gid}
Deletes a specific, existing attachment.
Returns an empty data record.
Parameters
Name | Description | ||||
/attachment_gid string required | Globally unique identifier for the attachment. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Inline | Successfully deleted the specified attachment. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 200
Get attachments for a task
Code samples
curl -X GET https://app.asana.com/api/1.0/tasks/{task_gid}/attachments \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"gid": "12345",
"resource_type": "attachment",
"name": "Screenshot.png",
"resource_subtype": null
}
]
}
See Input/Output Options to include more fields in your response.
GET /tasks/{task_gid}/attachments
Returns the compact records for all attachments on the task.
Parameters
Name | Description | ||||
/task_gid string required | The task to operate on. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 AttachmentCompact | Successfully retrieved the compact records for all attachments on the task. | ||||
↓ Show Common Responses ↓ |
Upload an attachment
Code samples
curl -X POST https://app.asana.com/api/1.0/tasks/{task_gid}/attachments \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
file: string
200 Response
{
"data": {
"gid": "12345",
"resource_type": "attachment",
"name": "Screenshot.png",
"resource_subtype": null,
"created_at": "2012-02-22T02:06:58.147Z",
"download_url": "https://s3.amazonaws.com/assets/123/Screenshot.png",
"host": "dropbox",
"parent": {
"gid": "12345",
"resource_type": "task",
"name": "Bug Task"
},
"view_url": "https://www.dropbox.com/s/123/Screenshot.png"
}
}
See Input/Output Options to include more fields in your response.
POST /tasks/{task_gid}/attachments
Upload an attachment.
This method uploads an attachment to a task and returns the compact record for the created attachment object. It is not possible to attach files from third party services such as Dropbox, Box & Google Drive via the API. You must download the file content first and then upload it as any other attachment.
The 100MB size limit on attachments in Asana is enforced on this endpoint.
This endpoint expects a multipart/form-data encoded request containing the full contents of the file to be uploaded.
Requests made should follow the HTTP/1.1 specification that line
terminators are of the form CRLF
or \r\n
outlined
here
in order for the server to reliably and properly handle the request.
Parameters
Name | Description | ||||
/task_gid string required | The task to operate on. | ||||
body object required | The file you want to upload. | ||||
↓ Show Common Parameters ↓ |
Detailed descriptions
body: The file you want to upload.
Note when using curl:
Be sure to add an ‘@’
before the file path, and use the --form
option instead of the -d
option.
When uploading PDFs with curl, force the content-type to be pdf by
appending the content type to the file path: --form
"file=@file.pdf;type=application/pdf"
.
Responses
Status | Description | ||||
200 Attachment | Successfully uploaded the attachment to the task. | ||||
↓ Show Common Responses ↓ |
Batch API
POST /batch
There are many cases where you want to accomplish a variety of work in the Asana API but want to minimize the number of HTTP requests you make. For example:
- Modern browsers limit the number of requests that a single web page can make at once.
- Mobile apps will use more battery life to keep the cellular radio on when making a series of requests.
- There is an overhead cost to developing software that can make multiple requests in parallel.
- Some cloud platforms handle parallelism poorly, or disallow it entirely.
To make development easier in these use cases, Asana provides a batch API that enables developers to perform multiple “actions” by making only a single HTTP request.
Making a Batch Request
To make a batch request, send a POST
request to /batch
. Like other POST
endpoints, the body should contain a data
envelope. Inside this envelope should be a single actions
field, containing a list of “action” objects. Each action represents a standard request to an existing endpoint in the Asana API.
The maximum number of actions allowed in a single batch request is 10. Making a batch request with no actions in it will result in a 400 Bad Request
.
When the batch API receives the list of actions to execute, it will dispatch those actions to the already-implemented endpoints specified by the relative_path
and method
for each action. This happens in parallel, so all actions in the request will be processed simultaneously. There is no guarantee of the execution order for these actions, nor is there a way to use the output of one action as the input of another action (such as creating a task and then commenting on it).
The response to the batch request will contain (within the data
envelope) a list of result objects, one for each action. The results are guaranteed to be in the same order as the actions in the request, e.g., the first result in the response corresponds to the first action in the request.
The batch API will always attempt to return a 200 Success
response with individual result objects for each individual action in the request. Only in certain cases (such as missing authorization or malformed JSON in the body) will the entire request fail with another status code. Even if every individual action in the request fails, the batch API will still return a 200 Success
response, and each result object in the response will contain the errors encountered with each action.
Rate Limiting
The batch API fully respects all of our rate limiting. This means that a batch request counts against both the standard rate limiter and the concurrent request limiter as though you had made a separate HTTP request for every individual action. For example, a batch request with five actions counts as five separate requests in the standard rate limiter, and counts as five concurrent requests in the concurrent request limiter. The batch request itself incurs no cost.
If any of the actions in a batch request would exceed any of the enforced limits, the entire request will fail with a 429 Too Many Requests
error. This is to prevent the unpredictability of which actions might succeed if not all of them could succeed.
Restrictions
Not every endpoint can be accessed through the batch API. Specifically, the following actions cannot be taken and will result in a 400 Bad Request
for that action:
- Uploading attachments
- Creating, getting, or deleting organization exports
- Any SCIM operations
- Nested calls to the batch API
Submit parallel requests
Code samples
curl -X POST https://app.asana.com/api/1.0/batch \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"actions": [
{
"data": {
"assignee": "me",
"workspace": "1337"
},
"method": "get",
"options": {
"fields": [
"name",
"notes",
"completed"
],
"limit": 3
},
"relative_path": "/tasks/123"
}
]
}
}
200 Response
{
"data": [
{
"body": {
"data": {
"completed": false,
"gid": "1967",
"name": "Hello, world!",
"notes": "How are you today?"
}
},
"headers": {
"location": "/tasks/1234"
},
"status_code": 200
}
]
}
See Input/Output Options to include more fields in your response.
POST /batch
Make multiple requests in parallel to Asana's API.
Parameters
Name | Description | ||||
body object required | The requests to batch together via the Batch API. | ||||
↓ Show Common Parameters ↓ |
Enumerated Values
Parameter | Value | |
method | get | |
method | post | |
method | put | |
method | delete | |
method | patch | |
method | head |
Responses
Status | Description | ||||
200 Batch | Successfully completed the requested batch API operations. | ||||
↓ Show Common Responses ↓ |
Custom Fields
POST /custom_fields
GET /custom_fields/{custom_field_gid}
PUT /custom_fields/{custom_field_gid}
DELETE /custom_fields/{custom_field_gid}
GET /workspaces/{workspace_gid}/custom_fields
POST /custom_fields/{custom_field_gid}/enum_options
POST /custom_fields/{custom_field_gid}/enum_options/insert
PUT /enum_options/{enum_option_gid}
In the Asana application, Tasks, Projects, and Portfolios can hold user-specified Custom Fields which provide extra information; for example, a priority value or a number representing the time required to complete a Task. This lets a user define the type of information that each Item within a Project or Portfolio can contain in addition to the built-in fields that Asana provides.
Note: Custom Fields are a premium feature. Integrations which work with Custom Fields need to handle an assortment of use cases for free and premium users in context of free and premium organizations. For a detailed examination of to what data users will have access in different circumstances, read the section below on access control.
The characteristics of Custom Fields are:
- There is metadata that defines the Custom Field. This metadata can be shared across an entire workspace, or be specific to a Project or Portfolio.
- Creating a Custom Field Setting on a Project or Portfolio means each direct child will have the custom field. This is conceptually akin to adding columns in a database or a spreadsheet: every Task (row) in the Project (table) can contain information for that field, including "blank" values, i.e.
null
data. For Portfolio custom fields, every Project (row) in the Portfolio (table) will contain information for the custom field. - Custom Field Settings only go one child deep. Meaning a custom field setting on a portfolio will give each project the custom field, but not each task within those projects.
- Tasks have Custom Field values assigned to them.
A brief example: let's imagine that an organization has defined a Custom Field for "Priority". This field is of enum
type and can have user-defined values of Low
, Medium
, or High
. This is the field metadata, and it is visible within, and shared across, the entire organization.
A Project is then created in the organization, called "Bugs", and the "Priority" Custom Field is associated with that Project. This will allow all Tasks within the "Bugs" Project to have an associated "Priority".
A new Task is created within "Bugs". This Task, then, has a field named "Priority" which can take on the Custom Field value of one of [null]
, Low
, Medium
, and High
.
These Custom Fields are accessible via the API through a number of endpoints at the top level (e.g. /custom_fields
and /custom_field_settings
) and through calls on Workspaces, Portfolios, Projects, and Tasks resources. The API also provides a way to fetch both the metadata and data which define each particular Custom Field, so that a client application may render proper UI to display or edit the values.
Custom Field aware integrations need to be aware of the basic types that Custom Fields can adopt. These types are:
text
- an arbitrary, relatively short string of textnumber
- a number with a defined level of precisionenum
- a selection from a defined list of options
Text fields are currently limited to 1024 characters. On Tasks, their Custom Field value will have a text_value
property to represent this field.
Number fields can have an arbitrary precision
associated with them; for example, a precision of 2
would round its value to the second (hundredths) place, i.e. 1.2345 would round to 1.23. On Tasks, the Custom Field value will have a number_value
property to represent this field.
Enum fields represent a selection from a list of options. On the metadata, they will contain all of the options in an array. Each option has 4 properties:
gid
- the gid of this enum option. Note that this is the gid of the option - the Custom Field itself has a separategid
.name
- the name of the option, e.g. "Choice #1"enabled
- whether this field is enabled. Disabled fields are not available to choose from when disabled, and are visually hidden in the Asana application, but they remain in the metadata for Custom Field values which were set to the option before the option was disabled.color
- a color associated with this choice.
On the Task's Custom Field value, the enum will have an enum_value
property which will be the same as one of the choices from the list defined in the Custom Field metadata.
Querying an organization for its Custom Fields
For Custom Fields shared across the workspace or organization, the Workspace can be queried for its list of defined Custom Fields. Like other collection queries, the fields will be returned as a compact record; slightly different from most other compact records is the fact that the compact record for Custom Fields includes type
as well as gid
and name
.
Accessing Custom Field definitions
The Custom Fields reference describes how the metadata which defines a Custom Field is accessed. A GET request with a gid
can be issued on the /custom_fields
endpoint to fetch the full definition of a single Custom Field given its gid
from (for instance) listing all Custom Fields on a Workspace, or getting the gid
from a Custom Field Settings object or a Task.
Associating Custom Fields with a Project or Portfolio
A mapping between a Custom Field and a Project or Portfolio is handled with a Custom Field Settings object. This object contains a reference for each of the Custom Field and the Project or Porfolio, as well as additional information about the status of that particular Custom Field. For instance, is_important
, which defines whether or not the custom field will appear in the list/grid on the Asana application.
Accessing Custom Field values on Tasks or Projects
The Tasks reference has information on how Custom Fields look on Tasks. Custom Fields will return as an array on the property custom_fields
, and each entry will contain, side-by-side, the compact representation of the Custom Field metadata and a {typename}_value
property that stores the value set for the Custom Field.
Of particular note is that the top-level gid
of each entry in the custom_fields
array is the gid
of the Custom Field metadata, as it is the compact representation of this metadata. This can be used to refer to the full metadata by making a request to the /custom_fields/{custom_fields_id}
endpoint as described above.
Custom Fields can be set just as in the Asana-defined fields on a task via POST or PUT requests. You can see an example on the update a task endpoint.
Custom Fields on projects follow this same pattern.
Warning: Program defensively with regards to Custom Field definitions
Asana application users have the ability to change the definitions of Custom Field metadata. This means that as you write scripts or applications to work with them, it's possible for the definitions to change at any time, which may cause an application using them to break or malfunction if it makes assumptions about the metadata for a particular Custom Field. When using Custom Fields, it is a good idea to program defensively, meaning you your application should double-check that the Custom Field metadata is what it expects.
Storing the state of the Custom Field metadata for too long if you dynamically create a model for it can cause your model to become unsynchronized with the model stored in Asana. If you encounter (for example) an enum
value on a Task that does not match any option in your metadata model, your metadata model has become out of date with the Custom Field metadata.
Note: We are currently studying proposals for future implementations to more elegantly handle the modification of Custom Field metadata for application integrations.
Enabled and Disabled Values
When information that is contained in a Custom Field value loses a logical association with its metadata definition, the value becomes disabled. This can happen in a couple of simple ways, for example, if you remove the Custom Field metadata from a Project, or move a Task with a Custom Field to a different Project which does not have the Custom Field metadata associated with it. The value remains on the Task, and the Custom Field metadata can still be found and examined, but as the context in which the Custom Field makes sense is gone, the Custom Field cannot change its value; it can only be cleared.
Note: Tasks that are associated with multiple Projects do not become disabled, so long as at least one of the Projects is still associated with the Custom Field metadata. In other words, Tasks with multiple Projects will retain logically associated to the set of Custom Field metadata represented by all of their Projects.
Moving the Task back under a Project with that Custom Field applied to it or applying the Custom Field metadata to the current Project will return the Custom Field value to an enabled state. In this scenario, the Custom Field will be re-enabled and editable again.
In the Asana application, disabled fields are grayed out and not allowed to change, other than to be discarded. In the API, we return a property enabled: false
to inform the external application that the value has been disabled.
Note that the API enforces the same operations on disabled Custom Field values as hold in the Asana application: they may not have their values changed, since the lack of context for the values of a custom field in general doesn't provide enough information to know what new values should be. Setting the Custom Field value to null
will clear and remove the Custom Field value from the Task.
Custom Field access control
Custom Fields are a complex feature of the Asana platform, and their access in the Asana application and in the API vary based on the status of the user and project. When building your application, it's best to be defensive and not assume the given user will have read or write access to a custom field, and fail gracefully when this occurs.
Create a custom field
Code samples
curl -X POST https://app.asana.com/api/1.0/custom_fields \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"format": "custom",
"has_notifications_enabled": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"workspace": "1331"
}
}
201 Response
{
"data": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
}
}
See Input/Output Options to include more fields in your response.
POST /custom_fields
Creates a new custom field in a workspace. Every custom field is required to be created in a specific workspace, and this workspace cannot be changed once set.
A custom field’s name must be unique within a workspace and not conflict with names of existing task properties such as ‘Due Date’ or ‘Assignee’. A custom field’s type must be one of ‘text’, ‘enum’, or ‘number’.
Returns the full record of the newly created custom field.
Parameters
Name | Description | ||||
body object | The custom field object to create. | ||||
↓ Show Common Parameters ↓ |
Detailed descriptions
precision: Only relevant for custom fields of type ‘Number’. This field dictates the number of places after the decimal to round to, i.e. 0 is integer values, 1 rounds to the nearest tenth, and so on. Must be between 0 and 6, inclusive. For percentage format, this may be unintuitive, as a value of 0.25 has a precision of 0, while a value of 0.251 has a precision of 1. This is due to 0.25 being displayed as 25%. The identifier format will always have a precision of 0.
Enumerated Values
Parameter | Value | |
custom_label_position | prefix | |
custom_label_position | suffix | |
format | currency | |
format | identifier | |
format | percentage | |
format | custom | |
format | none | |
resource_subtype | text | |
resource_subtype | enum | |
resource_subtype | number |
Responses
Status | Description | ||||
201 CustomField | Custom field successfully created. | ||||
↓ Show Common Responses ↓ |
Get a custom field
Code samples
curl -X GET https://app.asana.com/api/1.0/custom_fields/{custom_field_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
}
}
See Input/Output Options to include more fields in your response.
GET /custom_fields/{custom_field_gid}
Get the complete definition of a custom field’s metadata.
Since custom fields can be defined for one of a number of types, and these types have different data and behaviors, there are fields that are relevant to a particular type. For instance, as noted above, enum_options is only relevant for the enum type and defines the set of choices that the enum could represent. The examples below show some of these type-specific custom field definitions.
Parameters
Name | Description | ||||
/custom_field_gid string required | Globally unique identifier for the custom field. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 CustomField | Successfully retrieved the complete definition of a custom field’s metadata. | ||||
↓ Show Common Responses ↓ |
Update a custom field
Code samples
curl -X PUT https://app.asana.com/api/1.0/custom_fields/{custom_field_gid} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"format": "custom",
"has_notifications_enabled": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"workspace": "1331"
}
}
200 Response
{
"data": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
}
}
See Input/Output Options to include more fields in your response.
PUT /custom_fields/{custom_field_gid}
A specific, existing custom field can be updated by making a PUT request on the URL for that custom field. Only the fields provided in the data
block will be updated; any unspecified fields will remain unchanged
When using this method, it is best to specify only those fields you wish to change, or else you may overwrite changes made by another user since you last retrieved the custom field.
A custom field’s type
cannot be updated.
An enum custom field’s enum_options
cannot be updated with this endpoint. Instead see “Work With Enum Options” for information on how to update enum_options
.
Locked custom fields can only be updated by the user who locked the field.
Returns the complete updated custom field record.
Parameters
Name | Description | ||||
/custom_field_gid string required | Globally unique identifier for the custom field. | ||||
body object | The custom field object with all updated properties. | ||||
↓ Show Common Parameters ↓ |
Detailed descriptions
precision: Only relevant for custom fields of type ‘Number’. This field dictates the number of places after the decimal to round to, i.e. 0 is integer values, 1 rounds to the nearest tenth, and so on. Must be between 0 and 6, inclusive. For percentage format, this may be unintuitive, as a value of 0.25 has a precision of 0, while a value of 0.251 has a precision of 1. This is due to 0.25 being displayed as 25%. The identifier format will always have a precision of 0.
Enumerated Values
Parameter | Value | |
custom_label_position | prefix | |
custom_label_position | suffix | |
format | currency | |
format | identifier | |
format | percentage | |
format | custom | |
format | none | |
resource_subtype | text | |
resource_subtype | enum | |
resource_subtype | number |
Responses
Status | Description | ||||
200 CustomField | The custom field was successfully updated. | ||||
↓ Show Common Responses ↓ |
Delete a custom field
Code samples
curl -X DELETE https://app.asana.com/api/1.0/custom_fields/{custom_field_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {}
}
See Input/Output Options to include more fields in your response.
DELETE /custom_fields/{custom_field_gid}
A specific, existing custom field can be deleted by making a DELETE request on the URL for that custom field. Locked custom fields can only be deleted by the user who locked the field. Returns an empty data record.
Parameters
Name | Description | ||||
/custom_field_gid string required | Globally unique identifier for the custom field. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Inline | The custom field was successfully deleted. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 200
Get a workspace's custom fields
Code samples
curl -X GET https://app.asana.com/api/1.0/workspaces/{workspace_gid}/custom_fields \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
}
]
}
See Input/Output Options to include more fields in your response.
GET /workspaces/{workspace_gid}/custom_fields
Returns a list of the compact representation of all of the custom fields in a workspace.
Parameters
Name | Description | ||||
/workspace_gid string required | Globally unique identifier for the workspace or organization. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 CustomField | Successfully retrieved all custom fields for the given workspace. | ||||
↓ Show Common Responses ↓ |
Create an enum option
Code samples
curl -X POST https://app.asana.com/api/1.0/custom_fields/{custom_field_gid}/enum_options \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"color": "blue",
"enabled": true,
"insert_after": "12345",
"insert_before": "12345",
"name": "Low"
}
}
201 Response
{
"data": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
}
See Input/Output Options to include more fields in your response.
POST /custom_fields/{custom_field_gid}/enum_options
Creates an enum option and adds it to this custom field’s list of enum options. A custom field can have at most 50 enum options (including disabled options). By default new enum options are inserted at the end of a custom field’s list. Locked custom fields can only have enum options added by the user who locked the field. Returns the full record of the newly created enum option.
Parameters
Name | Description | ||||
/custom_field_gid string required | Globally unique identifier for the custom field. | ||||
body object | The enum option object to create. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
201 EnumOption | Custom field enum option successfully created. | ||||
↓ Show Common Responses ↓ |
Reorder a custom field's enum
Code samples
curl -X POST https://app.asana.com/api/1.0/custom_fields/{custom_field_gid}/enum_options/insert \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"after_enum_option": "12345",
"before_enum_option": "12345",
"enum_option": "97285"
}
}
200 Response
{
"data": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
}
See Input/Output Options to include more fields in your response.
POST /custom_fields/{custom_field_gid}/enum_options/insert
Moves a particular enum option to be either before or after another specified enum option in the custom field. Locked custom fields can only be reordered by the user who locked the field.
Parameters
Name | Description | ||||
/custom_field_gid string required | Globally unique identifier for the custom field. | ||||
body object | The enum option object to create. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 EnumOption | Custom field enum option successfully reordered. | ||||
↓ Show Common Responses ↓ |
Update an enum option
Code samples
curl -X PUT https://app.asana.com/api/1.0/enum_options/{enum_option_gid} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"color": "blue",
"enabled": true,
"insert_after": "12345",
"insert_before": "12345",
"name": "Low"
}
}
200 Response
{
"data": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
}
See Input/Output Options to include more fields in your response.
PUT /enum_options/{enum_option_gid}
Updates an existing enum option. Enum custom fields require at least one enabled enum option. Locked custom fields can only be updated by the user who locked the field. Returns the full record of the updated enum option.
Parameters
Name | Description | ||||
/enum_option_gid string required | Globally unique identifier for the enum option. | ||||
body object | The enum option object to update | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 EnumOption | Successfully updated the specified custom field enum. | ||||
↓ Show Common Responses ↓ |
Custom Field Settings
GET /projects/{project_gid}/custom_field_settings
GET /portfolios/{portfolio_gid}/custom_field_settings
Custom fields are attached to a particular project with the Custom Field Settings resource. This resource both represents the many-to-many join of the Custom Field and Project as well as stores information that is relevant to that particular pairing; for instance, the is_important
property determines some possible application-specific handling of that custom field.
Get a project's custom fields
Code samples
curl -X GET https://app.asana.com/api/1.0/projects/{project_gid}/custom_field_settings \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"gid": "12345",
"resource_type": "custom_field_setting",
"custom_field": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
},
"is_important": false,
"parent": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
}
}
]
}
See Input/Output Options to include more fields in your response.
GET /projects/{project_gid}/custom_field_settings
Returns a list of all of the custom fields settings on a project, in compact form. Note that, as in all queries to collections which return compact representation, opt_fields
can be used to include more data than is returned in the compact representation. See the getting started guide on input/output options for more information.
Parameters
Name | Description | ||||
/project_gid string required | Globally unique identifier for the project. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 CustomFieldSetting | Successfully retrieved custom field settings objects for a project. | ||||
↓ Show Common Responses ↓ |
Get a portfolio's custom fields
Code samples
curl -X GET https://app.asana.com/api/1.0/portfolios/{portfolio_gid}/custom_field_settings \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"gid": "12345",
"resource_type": "custom_field_setting",
"custom_field": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
},
"is_important": false,
"parent": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
}
}
]
}
See Input/Output Options to include more fields in your response.
GET /portfolios/{portfolio_gid}/custom_field_settings
Returns a list of all of the custom fields settings on a portfolio, in compact form.
Parameters
Name | Description | ||||
/portfolio_gid string required | Globally unique identifier for the portfolio. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 CustomFieldSetting | Successfully retrieved custom field settings objects for a portfolio. | ||||
↓ Show Common Responses ↓ |
Events
GET /events
An event is an object representing a change to a resource that was observed by an event subscription.
In general, requesting events on a resource is faster and subject to higher rate limits than requesting the resource itself. Additionally, change events bubble up - listening to events on a project would include when stories are added to tasks in the project, even on subtasks.
Establish an initial sync token by making a request with no sync token. The response will be a 412
error - the same as if the sync token had expired.
Subsequent requests should always provide the sync token from the immediately preceding call.
Sync tokens may not be valid if you attempt to go ‘backward’ in the history by requesting previous tokens, though re-requesting the current sync token is generally safe, and will always return the same results.
When you receive a 412 Precondition Failed
error, it means that the sync token is either invalid or expired. If you are attempting to keep a set of data in sync, this signals you may need to re-crawl the data.
Sync tokens always expire after 24 hours, but may expire sooner, depending on load on the service.
Get events on a resource
Code samples
curl -X GET https://app.asana.com/api/1.0/events?resource=12345 \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"action": "changed",
"change": {
"action": "changed",
"added_value": {
"gid": "12345",
"resource_type": "user"
},
"field": "assignee",
"new_value": {
"gid": "12345",
"resource_type": "user"
},
"removed_value": {
"gid": "12345",
"resource_type": "user"
}
},
"created_at": "2012-02-22T02:06:58.147Z",
"parent": {
"gid": "12345",
"resource_type": "task",
"name": "Bug Task"
},
"resource": {
"gid": "12345",
"resource_type": "task",
"name": "Bug Task"
},
"type": "task",
"user": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
}
}
],
"sync": "de4774f6915eae04714ca93bb2f5ee81"
}
See Input/Output Options to include more fields in your response.
GET /events
Returns the full record for all events that have occurred since the sync token was created.
A GET request to the endpoint /[path_to_resource]/events can be made in lieu of including the resource ID in the data for the request.
Note: The resource returned will be the resource that triggered the event. This may be different from the one that the events were requested for. For example, a subscription to a project will contain events for tasks contained within the project.
Parameters
Name | Description | ||||
?resource string required | A resource ID to subscribe to. The resource can be a task or project. | ||||
?sync string | A sync token received from the last request, or none on first sync. Events will be returned from the point in time that the sync token was generated. | ||||
↓ Show Common Parameters ↓ |
Detailed descriptions
sync: A sync token received from the last request, or none on first sync. Events will be returned from the point in time that the sync token was generated.
Note: On your first request, omit the sync token. The response will be the same as for an expired sync token, and will include a new valid sync token.If the sync token is too old (which may happen from time to time) the API will return a 412 Precondition Failed
error, and include a fresh sync token in the response.
Responses
Status | Description | ||||
200 Event | Successfully retrieved events. | ||||
↓ Show Common Responses ↓ |
Jobs
GET /jobs/{job_gid}
Jobs represent processes that handle asynchronous work. Jobs are created when an endpoint requests an action that will be handled asynchronously. Such as project or task duplication. Only the creator of the duplication process can access the duplication status of the new object.
Get a job by id
Code samples
curl -X GET https://app.asana.com/api/1.0/jobs/{job_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {
"gid": "12345",
"resource_type": "job",
"new_project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"new_task": {
"gid": "12345",
"resource_type": "task",
"name": "Bug Task"
},
"resource_subtype": "duplicate_task",
"status": "in_progress"
}
}
See Input/Output Options to include more fields in your response.
GET /jobs/{job_gid}
Returns the full record for a job.
Parameters
Name | Description | ||||
/job_gid string required | Globally unique identifier for the job. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Job | Successfully retrieved Job. | ||||
↓ Show Common Responses ↓ |
Organization Exports
POST /organization_exports
GET /organization_exports/{organization_export_gid}
An organization_export object represents a request to export the complete data of an Organization in JSON format.
To export an Organization using this API:
- Create an
organization_export
request and store the id that is returned. - Request the
organization_export
every few minutes, until thestate
field contains ‘finished’. - Download the file located at the URL in the
download_url
field. * Exports can take a long time, from several minutes to a few hours for large Organizations.
Note: These endpoints are only available to Service Accounts of an Enterprise Organization.
Create an organization export request
Code samples
curl -X POST https://app.asana.com/api/1.0/organization_exports \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"organization": "1331"
}
}
201 Response
{
"data": {
"gid": "12345",
"resource_type": "organization_export",
"created_at": "2012-02-22T02:06:58.147Z",
"download_url": "https://asana-export.s3.amazonaws.com/export-4632784536274-20170127-43246.json.gz?AWSAccessKeyId=xxxxxxxx",
"organization": {
"gid": "12345",
"resource_type": "workspace",
"name": "My Company Workspace"
},
"state": "started"
}
}
See Input/Output Options to include more fields in your response.
POST /organization_exports
This method creates a request to export an Organization. Asana will complete the export at some point after you create the request.
Parameters
Name | Description | ||||
body object required | The organization to export. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
201 Inline | Successfully created organization export request. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 201
Name | Description | |
data OrganizationExportResponse | An organization_export object represents a request to export the complete data of an Organization in JSON format. | |
gid string | Globally unique identifier of the resource, as a string. | |
resource_type string | The base type of this resource. | |
created_at string(date-time) | The time at which this resource was created. | |
download_url string(uri)¦null | Download this URL to retreive the full export of the organization in JSON format. It will be compressed in a gzip (.gz) container. Note: May be null if the export is still in progress or failed. If present, this URL may only be valid for 1 hour from the time of retrieval. You should avoid persisting this URL somewhere and rather refresh on demand to ensure you do not keep stale URLs. | |
organization object | A workspace is the highest-level organizational unit in Asana. All projects and tasks have an associated workspace. | |
gid string | Globally unique identifier of the resource, as a string. | |
resource_type string | The base type of this resource. | |
name string | The name of the workspace. | |
state string | The current state of the export. |
Enumerated Values
Property | Value | |
state | pending | |
state | started | |
state | finished | |
state | error |
Get details on an org export request
Code samples
curl -X GET https://app.asana.com/api/1.0/organization_exports/{organization_export_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {
"gid": "12345",
"resource_type": "organization_export",
"created_at": "2012-02-22T02:06:58.147Z",
"download_url": "https://asana-export.s3.amazonaws.com/export-4632784536274-20170127-43246.json.gz?AWSAccessKeyId=xxxxxxxx",
"organization": {
"gid": "12345",
"resource_type": "workspace",
"name": "My Company Workspace"
},
"state": "started"
}
}
See Input/Output Options to include more fields in your response.
GET /organization_exports/{organization_export_gid}
Returns details of a previously-requested Organization export.
Parameters
Name | Description | ||||
/organization_export_gid string required | Globally unique identifier for the organization export. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Inline | Successfully retrieved organization export object. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 200
Name | Description | |
data OrganizationExportResponse | An organization_export object represents a request to export the complete data of an Organization in JSON format. | |
gid string | Globally unique identifier of the resource, as a string. | |
resource_type string | The base type of this resource. | |
created_at string(date-time) | The time at which this resource was created. | |
download_url string(uri)¦null | Download this URL to retreive the full export of the organization in JSON format. It will be compressed in a gzip (.gz) container. Note: May be null if the export is still in progress or failed. If present, this URL may only be valid for 1 hour from the time of retrieval. You should avoid persisting this URL somewhere and rather refresh on demand to ensure you do not keep stale URLs. | |
organization object | A workspace is the highest-level organizational unit in Asana. All projects and tasks have an associated workspace. | |
gid string | Globally unique identifier of the resource, as a string. | |
resource_type string | The base type of this resource. | |
name string | The name of the workspace. | |
state string | The current state of the export. |
Enumerated Values
Property | Value | |
state | pending | |
state | started | |
state | finished | |
state | error |
Portfolios
GET /portfolios
POST /portfolios
GET /portfolios/{portfolio_gid}
PUT /portfolios/{portfolio_gid}
DELETE /portfolios/{portfolio_gid}
GET /portfolios/{portfolio_gid}/items
POST /portfolios/{portfolio_gid}/addItem
POST /portfolios/{portfolio_gid}/removeItem
POST /portfolios/{portfolio_gid}/addCustomFieldSetting
POST /portfolios/{portfolio_gid}/removeCustomFieldSetting
POST /portfolios/{portfolio_gid}/addMembers
POST /portfolios/{portfolio_gid}/removeMembers
A 'portfolio' gives a high-level overview of the status of multiple initiatives in Asana. Portfolios provide a dashboard overview of the state of multiple projects, including a progress report and the most recent project status update. Portfolios have some restrictions on size. Each portfolio has a max of 250 items and, like projects, a max of 20 custom fields.
Get multiple portfolios
Code samples
curl -X GET https://app.asana.com/api/1.0/portfolios?workspace=1331&owner=14916 \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": [
{
"gid": "12345",
"resource_type": "portfolio",
"name": "Bug Portfolio"
}
]
}
See Input/Output Options to include more fields in your response.
GET /portfolios
Returns a list of the portfolios in compact representation that are owned by the current API user.
Parameters
Name | Description | ||||
?workspace string required | The workspace or organization to filter portfolios on. | ||||
?owner string required | The user who owns the portfolio. Currently, API users can only get a list of portfolios that they themselves own. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 PortfolioCompact | Successfully retrieved portfolios. | ||||
↓ Show Common Responses ↓ |
Create a portfolio
Code samples
curl -X POST https://app.asana.com/api/1.0/portfolios \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"color": "light-green",
"members": [
"52164",
"15363"
],
"name": "Bug Portfolio",
"workspace": "167589"
}
}
201 Response
{
"data": {
"gid": "12345",
"resource_type": "portfolio",
"name": "Bug Portfolio",
"color": "light-green",
"created_at": "2012-02-22T02:06:58.147Z",
"created_by": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"custom_field_settings": [
{
"gid": "12345",
"resource_type": "custom_field_setting",
"custom_field": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
},
"is_important": false,
"parent": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
}
}
],
"due_on": "2019-09-15",
"members": [
{
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
}
],
"owner": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"permalink_url": "https://app.asana.com/0/resource/123456789/list",
"start_on": "2019-09-14",
"workspace": {
"gid": "12345",
"resource_type": "workspace",
"name": "My Company Workspace"
}
}
}
See Input/Output Options to include more fields in your response.
POST /portfolios
Creates a new portfolio in the given workspace with the supplied name.
Note that portfolios created in the Asana UI may have some state (like the “Priority” custom field) which is automatically added to the portfolio when it is created. Portfolios created via our API will not be created with the same initial state to allow integrations to create their own starting state on a portfolio.
Parameters
Name | Description | ||||
body object required | The portfolio to create. | ||||
↓ Show Common Parameters ↓ |
Enumerated Values
Parameter | Value | |
color | dark-pink | |
color | dark-green | |
color | dark-blue | |
color | dark-red | |
color | dark-teal | |
color | dark-brown | |
color | dark-orange | |
color | dark-purple | |
color | dark-warm-gray | |
color | light-pink | |
color | light-green | |
color | light-blue | |
color | light-red | |
color | light-teal | |
color | light-brown | |
color | light-orange | |
color | light-purple | |
color | light-warm-gray |
Responses
Status | Description | ||||
201 Portfolio | Successfully created portfolio. | ||||
↓ Show Common Responses ↓ |
Get a portfolio
Code samples
curl -X GET https://app.asana.com/api/1.0/portfolios/{portfolio_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {
"gid": "12345",
"resource_type": "portfolio",
"name": "Bug Portfolio",
"color": "light-green",
"created_at": "2012-02-22T02:06:58.147Z",
"created_by": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"custom_field_settings": [
{
"gid": "12345",
"resource_type": "custom_field_setting",
"custom_field": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
},
"is_important": false,
"parent": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
}
}
],
"due_on": "2019-09-15",
"members": [
{
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
}
],
"owner": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"permalink_url": "https://app.asana.com/0/resource/123456789/list",
"start_on": "2019-09-14",
"workspace": {
"gid": "12345",
"resource_type": "workspace",
"name": "My Company Workspace"
}
}
}
See Input/Output Options to include more fields in your response.
GET /portfolios/{portfolio_gid}
Returns the complete portfolio record for a single portfolio.
Parameters
Name | Description | ||||
/portfolio_gid string required | Globally unique identifier for the portfolio. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Portfolio | Successfully retrieved the requested portfolio. | ||||
↓ Show Common Responses ↓ |
Update a portfolio
Code samples
curl -X PUT https://app.asana.com/api/1.0/portfolios/{portfolio_gid} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}' \
-d '{"data": {"field":"value","field":"value"} }'
Body parameter
{
"data": {
"color": "light-green",
"members": [
"52164",
"15363"
],
"name": "Bug Portfolio",
"workspace": "167589"
}
}
200 Response
{
"data": {
"gid": "12345",
"resource_type": "portfolio",
"name": "Bug Portfolio",
"color": "light-green",
"created_at": "2012-02-22T02:06:58.147Z",
"created_by": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"custom_field_settings": [
{
"gid": "12345",
"resource_type": "custom_field_setting",
"custom_field": {
"gid": "12345",
"resource_type": "custom_field",
"currency_code": "EUR",
"custom_label": "gold pieces",
"custom_label_position": "suffix",
"description": "Development team priority",
"enabled": true,
"enum_options": [
{
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
}
],
"enum_value": {
"gid": "12345",
"resource_type": "enum_option",
"color": "blue",
"enabled": true,
"name": "Low"
},
"format": "custom",
"has_notifications_enabled": true,
"is_global_to_workspace": true,
"name": "Status",
"number_value": 5.2,
"precision": 2,
"resource_subtype": "text",
"text_value": "Some Value",
"type": "text"
},
"is_important": false,
"parent": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
},
"project": {
"gid": "12345",
"resource_type": "project",
"name": "Stuff to buy"
}
}
],
"due_on": "2019-09-15",
"members": [
{
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
}
],
"owner": {
"gid": "12345",
"resource_type": "user",
"name": "Greg Sanchez"
},
"permalink_url": "https://app.asana.com/0/resource/123456789/list",
"start_on": "2019-09-14",
"workspace": {
"gid": "12345",
"resource_type": "workspace",
"name": "My Company Workspace"
}
}
}
See Input/Output Options to include more fields in your response.
PUT /portfolios/{portfolio_gid}
An existing portfolio can be updated by making a PUT request on the URL for
that portfolio. Only the fields provided in the data
block will be updated;
any unspecified fields will remain unchanged.
Returns the complete updated portfolio record.
Parameters
Name | Description | ||||
/portfolio_gid string required | Globally unique identifier for the portfolio. | ||||
body object required | The updated fields for the portfolio. | ||||
↓ Show Common Parameters ↓ |
Enumerated Values
Parameter | Value | |
color | dark-pink | |
color | dark-green | |
color | dark-blue | |
color | dark-red | |
color | dark-teal | |
color | dark-brown | |
color | dark-orange | |
color | dark-purple | |
color | dark-warm-gray | |
color | light-pink | |
color | light-green | |
color | light-blue | |
color | light-red | |
color | light-teal | |
color | light-brown | |
color | light-orange | |
color | light-purple | |
color | light-warm-gray |
Responses
Status | Description | ||||
200 Portfolio | Successfully updated the portfolio. | ||||
↓ Show Common Responses ↓ |
Delete a portfolio
Code samples
curl -X DELETE https://app.asana.com/api/1.0/portfolios/{portfolio_gid} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
200 Response
{
"data": {}
}
See Input/Output Options to include more fields in your response.
DELETE /portfolios/{portfolio_gid}
An existing portfolio can be deleted by making a DELETE request on the URL for that portfolio.
Returns an empty data record.
Parameters
Name | Description | ||||
/portfolio_gid string required | Globally unique identifier for the portfolio. | ||||
↓ Show Common Parameters ↓ |
Responses
Status | Description | ||||
200 Inline | Successfully deleted the specified portfolio. | ||||
↓ Show Common Responses ↓ |
Response Schema
Status Code 200
Get portfolio items
Code samples
curl -X GET https://app.asana.com/api/1.0/portfolios/{portfolio_gid}/items \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'