Asana Access Token
Service Name: Asana
Service Description: Asana is a web and mobile application designed to help teams organize, track, and manage their work. It provides tools for task management, project tracking, and team collaboration.
Service Address: https://asana.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Asana resources including workspaces, projects, tasks, and user data based on the permissions of the authenticated user.
Secret Revokement URL: https://app.asana.com/0/my-apps
Secret Example: 1/1234567890123456:abcdefghijklmnopqrstuvwx
Suspicious Activity Investigation Instructions:
- Review Asana audit logs for unusual activity or resource access
- Check for unauthorized project or task creation
- Look for data exports or unusual sharing settings
- Monitor for changes to workspace members or permissions
- Verify if any automation rules or integrations were created or modified
Mitigation Instructions:
- Navigate to Asana and go to your profile settings
- Select "Apps" from the menu
- Find the application associated with the token
- Click "Revoke Access" to invalidate the token
- Create a new token if needed with appropriate scopes
- Review all integrations and connected applications
- Enable any available security features like SSO if applicable