Asana Service Accounts & Personal Access Tokens

Asana service accounts let your workflows authenticate as a non-human bot identity instead of a person's account. The service account has its own name and its own token, managed centrally by a super admin — no one person's OAuth consent to expire, and access can be revoked without touching anyone's personal account.

There are two ways to get a token, and both work in Sim:

  • Service account token (recommended for teams) — available on Asana Enterprise and Enterprise+ plans, created by a super admin in the Admin Console.
  • Personal access token (PAT) — available on any plan, created from any user account. For production workflows, create it from a dedicated bot account rather than a personal one.

Both token types use the same format and paste into the same field in Sim.

Option A: Service Account Token (Enterprise / Enterprise+)

Prerequisites

You need an Asana super admin on an Enterprise or Enterprise+ plan. Service accounts are an organization-level feature — regular users cannot create them.

Create the Service Account

Open the Asana Admin Console and go to AppsService accounts

Click Add service account, give it a name (e.g. Sim Integration) — this is the name that will appear on tasks and comments the workflows create

Grant the service account Full Permissions. Scoped service accounts (for example, ones limited to User Provisioning / SCIM) cannot call the standard Asana API and will fail when you connect them to Sim

Copy the token when it's shown. Asana only displays it once — if you lose it, you'll have to regenerate it — plan to update the credential in Sim at the same time, since the old token stops working once it's replaced.

A service account with Full Permissions has org-wide access to all data in your Asana organization, including private projects. Treat the token like an admin password.

Option B: Personal Access Token

If you're not on an Enterprise plan, a personal access token works identically on the wire. For production workflows, create a dedicated bot user account (e.g. sim-bot@yourcompany.com) and generate the PAT from that account — a PAT is tied to the user who created it, inherits only that user's permissions, and stops working if the user is deprovisioned.

Log in as the bot account and open the developer console at app.asana.com/0/my-apps

Click + Create new token, give it a name that describes its use (e.g. Sim Integration), and click Create token

Copy the token immediately — Asana only shows it once.

Add the bot account to the workspaces and projects your workflows need. A PAT can only see what its user can see.

Adding the Token to Sim

Open your workspace Settings and go to the Integrations tab

Search for "Asana Service Account" and click it, then click Add to Sim and choose Add access token

Paste the token — service account token or personal access token, both work in the same field — and optionally set a display name and description

Click Add access token. Sim verifies the token by calling Asana's /users/me endpoint — if it fails, you'll see a specific error explaining what went wrong.

If a brand-new token fails validation with an authentication error, wait a few minutes and try again — newly created service account tokens can take a short time to become active.

The token is encrypted before being stored.

Using the Service Account in Workflows

Add an Asana block to your workflow. In the credential dropdown, your Asana service account appears alongside any OAuth credentials. Select it and configure the block as you normally would.

The block calls the Asana API (app.asana.com/api/1.0) with the token as a standard Bearer credential. There's no impersonation step — the token acts as itself: the service account identity, or the bot user for a PAT.

Common Questions

A service account is an org-level bot identity with its own name and (with Full Permissions) org-wide access — it isn't tied to any person. A PAT is tied to the user who created it, inherits only their permissions, and breaks if that user is deactivated. Both use the same token format and paste into the same field in Sim; prefer the service account for team use if your plan supports it.
Scoped service accounts (e.g. limited to User Provisioning / SCIM) can't call the standard Asana API, so Sim's validation call fails. Ask your super admin to create the service account with Full Permissions.
No scheduled expiry — the token is long-lived until a super admin revokes or regenerates it (for a PAT, until the user deletes it or is deprovisioned). If a working credential suddenly starts failing with 401 errors, the token was revoked; paste a new one.
Regenerate the service account token in the Admin Console, then update the credential in Sim with the new token right away — the old token stops working once it's replaced, so expect a brief window of failed runs if workflows execute in between.
No. Asana has a single API host, and Sim's Asana blocks take workspace and project IDs as block parameters — the token is all the credential needs.
Asana rate-limits per token, so all workflows sharing one service account token draw from a single rate-limit bucket. If you run heavy concurrent workloads, watch for 429 responses and consider splitting workloads across tokens.

On this page