Asana Plug In - Get Stories > Comments

I am tearing my hair out trying to get the Comments from my Asana Tasks, which are subsets of “Stories”. I have confirmed the Plug In credentials (App Client and Secret) but I keep hitting access errors.

Has anyone ever got this working?

Thanks!
Adam

Which plugin are you using? Which type of auth? Are you trying to access your own account?

It’s the official Asana Plug In with OAuth. I am Admin in Asana so I should be able to access everything after granting access, but it can’t seem to access any Comments from the Stories in my own Tasks.

I don’t know what you mean by “official Asana plugin”. There are two plugins built by plugin devs, not Asana itself. I guess you are using the free one… And I don’t think you should use the paid one…

OAuth is not the auth you should use for your case because this will only be available for your own account. Is this what you want?

I think you should use the API Connector instead and create your own integration and use a personal access token instead.

Also, I’ve inspected the Asana plugin’s “code” and there are no scopes set in the list of scopes.

I understand. Using a Bubble API Connector with OAuth2 is also something I have attempted, without success. I can get some of the Stories data values listed - but there is a limit (20?) which barely covers the Stories used by automations set up for Tasks. The crux of the issue is getting ALL Stories, then filtering by Comments - and, even then, extracting the Comments appears to be an HTML Text Field, not Plain Text.

For clarity:

When I initialize the Call, I get this in the return JSON:

{
  "data": [
    {
      "gid": "1210010357258415",
      "resource_type": "story",
      "resource_subtype": "comment_added"
    }
  ]
}

What I NEED in the returned JSON is this:

{
  "data": [
    {
      "gid": "1210010357258415",
      "resource_type": "story",
      "resource_subtype": "comment_added",
      "text": "Please follow up with the client by Friday.",
      "created_at": "2024-12-01T09:32:15.123Z",
      "created_by": {
        "gid": "1209886010024028",
        "resource_type": "user",
        "name": "Adam Gill"
      }
    }
  ]
}

But when I manually amend the API Response, the returned data call does not populate beyond the 3 “standard” Fields presented (gid, resource_type and resource_subtype).

If you are just using your own account, there’s no need to use OAuth2. You use a PAT and use “Private key in header” as the auth type. Authorization: Bearer (yourPAThere)

For the stories endpoint, you have the option to add more data. You need to query them in the opt_fields parameter.

Take time to read “Get stories from a task” to understand the request options. For the limit, you can also add this parameter so you can query up to 100 (max allowed by this API). Use offset for pagination.

For filtering, this can be done using a Bubble feature (as it doesn’t seem to have an option to filter them using the API request).
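The request described in the post above (opt_fields, a limit of 100, offset pagination, then filtering for comments on the client side), as an added example that is not part of the original thread. It keeps the bearer token in the Authorization header and out of the URL. The `next_page` object follows Asana's pagination format; the field list, function names and sample pages are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

API = "https://app.asana.com/api/1.0"
FIELDS = "resource_subtype,text,created_at,created_by.name"  # assumed field list

def stories_url(task_gid, offset=None, limit=100):
    """Build the stories URL; only query options go here, never the token."""
    params = {"opt_fields": FIELDS, "limit": limit}
    if offset:
        params["offset"] = offset
    return f"{API}/tasks/{task_gid}/stories?" + urllib.parse.urlencode(params)

def http_get(url, token):
    """Real transport: the token travels in the Authorization header only."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_comments(task_gid, token, get=http_get):
    """Walk every page of stories and keep only the comment stories."""
    comments, offset = [], None
    while True:
        page = get(stories_url(task_gid, offset), token)
        comments += [s for s in page.get("data", [])
                     if s.get("resource_subtype") == "comment_added"]
        nxt = page.get("next_page")
        if not nxt:                      # null next_page means last page
            return comments
        offset = nxt["offset"]

# Constructed sample pages standing in for the API (not real Asana data).
SAMPLE_PAGES = {
    None: {"data": [
               {"gid": "1", "resource_subtype": "assigned", "text": "assigned"},
               {"gid": "2", "resource_subtype": "comment_added",
                "text": "Please follow up with the client by Friday."}],
           "next_page": {"offset": "tok2"}},
    "tok2": {"data": [{"gid": "3", "resource_subtype": "comment_added",
                       "text": "Done."}],
             "next_page": None},
}

def fake_get(url, token):
    """Offline stand-in for http_get: selects a page by the offset parameter."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[query.get("offset", [None])[0]]

if __name__ == "__main__":
    for c in fetch_comments("1210010357258415", "constructed-token", get=fake_get):
        print(c["gid"], c["text"])
```

Swap `fake_get` for the default `http_get` and a real token to run it against a live task.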

Thank you — I really appreciate your detailed insights and the time you’ve taken to help.

To clarify my setup: I’m building a Bubble app that enables other users to authenticate via OAuth and extract Comments from the Stories endpoint of their own Asana Tasks. So in this context, I’m using OAuth (not a PAT), because each user needs access to their own data.

If there’s any way to replicate PAT-like access per user while still respecting individual authentication and data scopes, I’d love to understand how that could be implemented — but right now, OAuth is a hard requirement for the multi-user model.

I’ve also raised this with Asana Support directly, because despite including stories:read in the scope and reauthenticating multiple times, the token still throws the classic missing stories:read error when calling /stories with opt_fields. Hopefully they can clarify whether this is an enforcement issue or a known OAuth limitation.

Thanks again — I’m genuinely grateful for your guidance.

Yes, but not recommended. Keep OAuth2 as this is more secure.

Can you share your API Connector settings for oauth2 user-agent?
Can you also share your app settings? (you need to set scopes there too)

I worked out that I had inserted parameters on the URI/URL that I should not have. Passing the full URI/URL without those parameters allowed me the level of access I required. I have worked it out - but thank you for your inputs and interest!