Asana
The Asana enables tools and agents to call Asana APIs on behalf of a user. Behind the scenes, the and the Asana auth provider seamlessly manage Asana OAuth 2.0 authorization for your .
Want to quickly get started with Asana services in your or AI app? The pre-built Arcade Asana MCP Server is what you want!
What’s documented here
This page describes how to use and configure Asana auth with Arcade.
This is used by:
- The Arcade Asana MCP Server, which provides pre-built for interacting with Asana
- Your app code that needs to call Asana APIs
- Or, your custom tools that need to call Asana APIs
Use Arcade’s Default Asana Auth Provider
Arcade offers a default Asana that you can use in the Arcade Cloud Platform. In this case, your will see Arcade as the name of the application that’s requesting permission.
If you choose to use Arcade’s Asana auth, you don’t need to configure anything. Follow the Asana MCP Server examples to get started calling Asana .
Use Your Own Asana App Credentials
When using your own app credentials, make sure you configure your to use a custom user verifier. Without this, your end-users will not be able to use your app or in production.
In a production environment, you will most likely want to use your own Asana app credentials. This way, your will see your application’s name requesting permission.
You can use your own Asana credentials in both the Arcade Cloud Platform or in a self-hosted Arcade Engine instance.
Before showing how to configure your Asana app credentials, let’s go through the steps to create an Asana app.
Create an Asana App
Follow the documentation on Building an App with Asana . You may create a developer sandbox account to test your app before moving to production.
When creating your app, use the following settings:
- Set an appropriate App name, description and icon. This will be visible to your authorizing access to your app.
- Take note of the Client ID and Client Secret.
- In the OAuth settings:
- Under “Redirect URLs”, click Add Redirect URL and add the redirect URL generated by Arcade (see below).
- Under “Permission Scopes”, select “Full Permissions”
- In the “App Listing Details” section, optionally add more information about your app.
- In the “Manage Distribution” section, under “Choose a distribution method”, select “Any workspace”.
- Optionally, submit your app for the Asana team review.
Asana recently introduced granular permission scopes. This feature is still in preview and the scopes available at the moment do not include all endpoints/actions that the Asana Servers needs. For those reasons, Arcade uses the “Full Permissions” scope.
Configuring your own Asana Auth Provider in Arcade
There are two ways to configure your Asana app credentials in Arcade:
- From the Arcade Dashboard GUI
- By editing the
engine.yamlfile directly (only possible with a self-hosted )
We show both options step-by-step below.
Dashboard GUI
Configure Asana Auth Using the Arcade Dashboard GUI
Access the Arcade Dashboard
To access the Arcade Cloud dashboard, go to api.arcade.dev/dashboard . If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard . Adjust the host and port number to match your environment.
Navigate to the OAuth Providers page
- Under the OAuth section of the Arcade Dashboard left-side menu, click Providers.
- Click Add OAuth Provider in the top right corner.
- Select the Included Providers tab at the top.
- In the Provider dropdown, select Asana.
Enter the provider details
- Choose a unique ID for your provider (e.g. “my-asana-provider”).
- Optionally enter a Description.
- Enter the Client ID and Client Secret from your Asana app.
- Note the Redirect URL generated by Arcade. This must be added to your Asana app’s Redirect URLs.
Create the provider
Hit the Create button and the provider will be ready to be used in the .
When you use tools that require Asana auth using your Arcade account credentials, the will automatically use this Asana OAuth provider. If you have multiple Asana providers, see using multiple auth providers of the same type for more information.
Using the Arcade Asana MCP Servers
The Arcade Asana MCP Server provides tools to interact with various Asana objects, such as tasks, , teams, and .
Refer to the MCP Server documentation and examples to learn how to use the Server to build and AI apps that interact with Asana services.
Using Asana auth in app code
Use the Asana in your own and AI apps to get a -scoped token for the Asana API. See authorizing agents with Arcade to understand how this works.
Use client.auth.start() to get a token for the Asana API:
As explained above, the Asana granular permission
scopes are in preview and not yet supported. The "default" scope should be
used to authorize any action/endpoint you need to call in the Asana API.
Python
If you are self-hosting Arcade, change the base_url parameter in the Arcade constructor to match your URL. By default, the Engine will be available at http://localhost:9099.
from arcadepy import Arcade
client = Arcade(base_url="https://api.arcade.dev") # Automatically finds the `ARCADE_API_KEY` env variable
user_id = "{arcade_user_id}"
# Start the authorization process
auth_response = client.auth.start(
user_id=user_id,
provider="asana",
scopes=["default"],
)
if auth_response.status != "completed":
print("Please complete the authorization challenge in your browser:")
print(auth_response.url)
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
# Do something interesting with the token...
auth_token = auth_response.context.tokenYou can use the auth token to call the Get multiple tasks endpoint and read information about tasks, for example. Any Asana API endpoint can be called with the auth token.
Using Asana auth in custom tools
You can use the pre-built Arcade Asana MCP Server to quickly build and AI apps that interact with Asana.
If the pre-built tools in the Asana Server don’t meet your needs, you can author your own custom tools that interact with Asana API.
Use the Asana() auth class to specify that a tool requires authorization with Asana. The authentication token needed to call the Asana API is available in the through the context.get_auth_token_or_empty() method.
As explained above, the Asana granular permission
scopes are in preview and not yet supported. The "default" scope should be
used as the only scope in all .
from typing import Annotated
import httpx
from arcade_tdk import ToolContext, tool
from arcade_tdk.auth import Asana
@tool(requires_auth=Asana(scopes=["default"]))
async def delete_task(
context: ToolContext,
task_id: Annotated[str, "The ID of the task to delete."],
) -> Annotated[dict, "Details of the deletion response"]:
"""Deletes a task."""
url = f"https://api.asana.com/api/1.0/tasks/{task_id}"
headers = {
"Authorization": f"Bearer {context.get_auth_token_or_empty()}",
"Accept": "application/json",
}
async with httpx.AsyncClient() as client:
response = await client.delete(url, headers=headers)
response.raise_for_status()
return response.json()If you are self-hosting Arcade, you will need to restart the Arcade and the Engine for the new to be available.
Your new can be called like demonstrated below:
Python
If you are self-hosting, change the base_url parameter in the Arcade constructor to match your URL. By default, the Engine will be available at http://localhost:9099.
from arcadepy import Arcade
client = Arcade(base_url="https://api.arcade.dev") # Automatically finds the `ARCADE_API_KEY` env variable
USER_ID = "{arcade_user_id}"
TOOL_NAME = "Asana.DeleteTask"
auth_response = client.tools.authorize(tool_name=TOOL_NAME, user_id=USER_ID)
if auth_response.status != "completed":
print(f"Click this link to authorize: {auth_response.url}")
# Wait for the authorization to complete
client.auth.wait_for_completion(auth_response)
tool_input = {
"task_id": "1234567890",
}
response = client.tools.execute(
tool_name=TOOL_NAME,
input=tool_input,
user_id=USER_ID,
)
print(response.output.value)