Skip to content

Asana Access Token

Service Name: Asana

Service Description: Asana is a web and mobile application designed to help teams organize, track, and manage their work. It provides tools for task management, project tracking, and team collaboration.

Service Address: https://asana.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Asana resources including workspaces, projects, tasks, and user data based on the permissions of the authenticated user.

Secret Revokement URL: https://app.asana.com/0/my-apps

Secret Example: 1/1234567890123456:abcdefghijklmnopqrstuvwx

Suspicious Activity Investigation Instructions:

  • Review Asana audit logs for unusual activity or resource access
  • Check for unauthorized project or task creation
  • Look for data exports or unusual sharing settings
  • Monitor for changes to workspace members or permissions
  • Verify if any automation rules or integrations were created or modified

Mitigation Instructions:

  • Navigate to Asana and go to your profile settings
  • Select "Apps" from the menu
  • Find the application associated with the token
  • Click "Revoke Access" to invalidate the token
  • Create a new token if needed with appropriate scopes
  • Review all integrations and connected applications
  • Enable any available security features like SSO if applicable