Guides
App directoryDocsForumMy apps
Start typing to search…

Integrating with Asana's MCP Server

🚧

Beta feature

By enabling this app integration, you acknowledge that you are using an experimental Model Context Protocol (MCP) server to connect Asana with external large language models (LLMs). As this is an experimental beta tool, it is provided on an "as is" basis. You may encounter bugs, errors, or unexpected results.

Integrating with Our Asana MCP Server

This documentation outlines the process for connecting your MCP client to our official Asana MCP server.

Discovery endpoint

MCP supports the OAuth 2.0 Authorization Server Metadata specification.

You can dynamically discover the available endpoints (such as authorization_endpoint, token_endpoint, and registration_endpoint) at:

https://mcp.asana.com/.well-known/oauth-authorization-server

This discovery endpoint should be treated as the source of truth when building against MCP.

Register an MCP OAuth app

Unlike standard OAuth apps, which are created in the Developer Console, the Asana MCP server uses Dynamic Client Registration. This allows you to register your application programmatically using the registration endpoint.

Request

curl --request POST 'https://mcp.asana.com/register' --header 'Content-Type: application/json' --data '{
  "redirect_uris": [
    "https://example.com/callback"
  ]
}'
{
  "redirect_uris": [
    "https://example.com/callback"
  ]
}

Response

{
  "client_id": "i9uzw6sqpWOunzVe",
  "redirect_uris": [
    "https://example.com/callback"
  ],
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "response_types": [
    "code"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "registration_client_uri": "/register/i9uzw6sqpWOunzVe",
  "client_id_issued_at": 1757065260,
  "client_secret": "Lu1zsYWOeIplw3lqDoIkYGnFIYyDxXAo"
}

After registration, the remaining OAuth flow - authorization, token exchange, refresh, and revocation - follows the same process described in the main Asana OAuth documentation, but using the MCP-specific endpoints provided by the discovery endpoint.

🚧

MCP OAuth tokens

MCP tokens and standard Asana OAuth tokens are not cross-compatible. To use MCP endpoints, you must obtain an OAuth token from the MCP authorize endpoint, which will only work with the Asana MCP server. If you want to make standard Asana API requests, you will need to obtain a separate token from the Asana OAuth authorization endpoint. In other words, each environment issues its own tokens, and a token from one cannot be used in the other.

What is a Redirect URI?

A redirect URI, also known as a callback URL, is a critical part of the OAuth 2.0 authorization process. After a user successfully approves your application to access their Asana data, the Asana MCP server sends them back to your application. The redirect URI is the specific endpoint where the authorization server sends the user, along with an authorization code. Your application then exchanges this code for an access token to make authenticated requests to the Asana API on the user's behalf.

Why do we have an allowlist?

MCP is an open protocol, and recommended features like Dynamic Client Registration can introduce challenges to combating malicious clients. To help mitigate this, Asana maintains an allowlist of approved MCP client redirect URIs to protect our users. This is a crucial security measure that helps prevent several types of attacks, most notably phishing and authorization code interception.

📘

Request that your client be added to the allowlist

Please use this form to request the addition of a new redirect URI. At this time, we do not support variables in redirect URIs. Our team will review your request and reply over email. Note that we can only approve submissions from the developers of the app themselves: if you are using an app you want added but did not develop yourself, please get in touch with its developers to have them fill out the form.

Invalid redirect URI handling

If your application attempts to register with the MCP server but its redirect URI is not on our allowlist, the authorization attempt will fail. Your application will receive a JSON error response that looks like this:

{
  "error": "invalid_redirect_uri",
  "error_description": "One or more redirect URIs are not allowed",
  "disallowed_uris": ["https://unallowed.com"]
}

Connecting your MCP client

If you are building a new application and wish to connect your MCP client to the official Asana MCP server, you will need to have your redirect URI added to our allowlist. Note that this process is intended for use by developers of MCP clients.

If you are a user of an MCP app (such as Claude) and having trouble connecting it to Asana, please see our usage documentation to debug connection issues. If the app you are using is still unable to connect, please reach out to the app's developer and have them request access for their app. We cannot approve requests from users on behalf of an app's developer.

To request the addition of a new redirect URI, please make a request through our internal request form.
Our team will review your request and, upon approval, add your redirect URI to the allowlist, enabling your client to integrate with our server.

Updated 19 days ago

Asana Footer
Asana Home
Asana helps you manage projects, focus on what's important, and organize work in one place for seamless collaboration.
© 2023 Asana, Inc.
Developers
Guides API reference My apps App directory Forum
Asana
Product Enterprise Partners Blog Careers
Help us improve
How was your experience using our docs?
Send feedback