Asana API Deprecation (Convert to Personal Tokens?)

[soundofjw]

API Key Deprecation

The Asana API key has served as a low barrier to entry means of authenticating against the API. We created it for personal scripts or for rapid prototyping of applications. Applications intended for large scale deployment should implement Asana Connect (OAuth 2.0) for authentication.

While easier to get started with, the API key poses security risks and provides a degraded user experience overall. Because we care deeply about user experience and security of the platform, we are rolling out a deprecation plan for API keys. This means that in the future, these keys will no longer be an acceptable means of authentication and developers will need to migrate to using one of the options below. We understand this will generate work for some developers and we'll do our best to ease the transition to what we strongly believe is a more secure and robust developer ecosystem.

API Deprecation Timeline

• Today - Asana will launch personal access tokens (an alternative to API keys for command line access, personal projects or rapid prototyping of applications that will implement OAuth).
• Today - Asana will launch a migration mechanism for applications currently deployed using API keys to exchange those keys for OAuth credentials.
• 2-4 Months - Users will no longer be able to generate new API keys generation.
• 4-8 Months - Asana will no longer accept API keys as a means of authenticating to the API.

  Asana Tasks:

#46430200839407