Just under a year ago, we launched an API to allow developers to build new tools on top of Asana. Since then, we’ve seen companies and independent developers use the Asana API to integrate Asana and their internal tools, add features like time-tracking and reporting dashboards, and even build separate products.
But until today, the only way to grant another application access to your Asana account was to use your API key.
Today, we’re introducing a better way to authorize other applications to use your Asana account: Asana Connect.
What is Asana Connect?
Asana Connect is a way you can connect your Asana account with any partner website or app using a trusted authentication method, OAuth. Now, whether you’re signing into the partner app or granting the partner app access to your tasks, you can use Asana Connect to securely authenticate and connect to your Asana account.
Asana Connect is based on OAuth, which is an authentication standard supported by companies like Facebook, Twitter, Google, LinkedIn and many, many others. When you “Connect with Facebook”, for instance, you’re using OAuth to let another app access some information about your Facebook account to identify you and make requests of the Facebook API on your behalf.
Likewise, if you signed up for Asana with your Google account, you were using OAuth.
Starting today, developers can begin to write apps that will let you securely give them permissions to access data in your Asana account. You can either accept or reject this request with the click of a single button.
Revoking these apps’ permissions will be just as easy. You can click on your name in the lower left corner > Account Settings > Apps to see the Apps you’ve authorized with Asana Connect.
Why Asana Connect is better
Using an API key to give third-party applications access to your Asana account was functional, but it suffered some drawbacks.
- Applications would need to prompt you for the key, which you’d then have to go to the Asana app to locate, copy, return to the application, and paste in. This is not the smoothest experience.
- Worse, to enter the key on a mobile device you’d often have to actually type it out. The API key is long and full of different characters and numbers, which enhances its security but makes it tedious to enter on mobile keyboards.
- One API key was shared by all applications, meaning if you wanted to deauthorize just one application, you would have to reset your API key and enter the new one into all the apps you wanted to keep using.
Asana Connect makes those drawbacks go away.
The future soon
Of course, it will take developers some time to implement this new authentication method, but we hope that in the weeks and months ahead, you’ll see a lot fewer “enter an API key here” text fields and a lot more “Sign in with Asana” buttons. In fact, our friends over at Flowbs and Cloudwork already have Asana Connect up and running!
Developers can read up on all the technical details in the Developer Documentation, as well as check out some example code showing how to implement OAuth for Asana on Github.