Access API question


#1

Hello!

I am building a reporting tool within my organization that would potentially be used by multiple teams, however I am encountering issues with accessing project listings through API. Here is my situation:

  • I am accessing API using my Personal Access Token
  • I am part of the Organization and Part of my team but not part of any other teams within the org
  • I have no issues fetching my team’s project list, but if I try to use ID of any other team, API returns an empty array

Would I need to be part of other teams within the org to be able to fetch project lists from said teams? Perhaps I can ask other team member to get Token and supply it to me so I can set them up with the reporting? Any ideas are welcome.


#2

Maybe @johnnygoodnow can help? As a fallback method, you can create an account that is inside all teams…


#3

It is true, I could do that, or indeed ask somebody from the other team to get Personal Token and give it to me. That would not be very difficult thing to do, but I was wondering if there is a way to access other team’s project list using my existing credentials.


#4

That seems rather logic: if you can’t access something, there is no reason for your key to do…


#5

If it is intended behavior around Token restrictions, that is totally logical and I have no problem with it. I was just making sure I am not missing something in the way I set up my API calls because I am still new to working with Asana API and prone to overlook simple things :slight_smile:


#6

I am just guessing like you, hoping @johnnygoodnow can confirm.


#7

Hey @Vaidotas_Piekus, @Bastien_Siebman,

To my knowledge, you can’t access projects in teams that you’re not in. This is mostly for privacy within the application - say if a team within an organization was focusing on something secret and needed tight access control, we wouldn’t want to circumvent that privacy via the API. The same goes for OAuth as well - you can only access projects that you can see.

If you’re OK with having a user account that can access everything, I would suggest making an account that has access to all the teams & projects that you need, as @Bastien_Siebman suggested. At Asana, we often have bot users for automation.

We don’t have anything scheduled for this right now, but in the future we may consider a “app” that can act on its own, similar to how bots in Slack or Github Apps work; otherwise, you’ll have to work around it. If you have any feedback, we’re always up to hear it!


#8

Thanks @johnnygoodnow! It makes sense, thank you for explanation! It is good to know that I am not doing anything wrong with my API calls!


#9

Also to just confirm my hypothesis - if you can see the team, you’re good - you don’t necessarily need to be a full member.

Teams can have the following privacy: public, hidden, and membership by request. If it’s public, you should be able to pull down the tasks, a simple snippet in Python to verify would be:

import asana
access_token = 'YOUR PERSONAL ACCESS TOKEN'
project_you_care_about = 12345
client = asana.client.access_token(access_token)
tasks = list(client.tasks.find_by_project(project_you_care_about))

If it has one of the other privacy settings though, it might not work. If this doesn’t match up with what you see, do let us know. In thinking about it more, it seems strange that you wouldn’t be getting a 401 error instead.


#10

Asana does offer Service Accounts for Enterprise customers.

Service Accounts provide organization-wide access to data in Asana via the API. You can think of Service Accounts as a PAT that has access to every task in Asana. Our customers use Service Accounts to build reporting apps and bots.


#11

Oh wow I did not see this option. It does look like exactly what I would need. Thanks!