-1

I'm trying to do a get request via javascript/jquery to attain all of my workspace IDs in asana. I know when I just put the URL in the browser, asana returns all of my workspace IDs. However, when I do a GET request of the same URL, I'm getting a 401 error (Not Authorized).

How do i fix this? I know after I do a login through OAuth I am provided a token, am I supposed to do something with that? 

$.get("https://app.asana.com/api/1.0/workspaces", function(data){
  alert("Data: " + data);
});

Also, please do not tell me to do it on the server side instead. I'm doing a simple web application and I'm doing it with javascript/jquery. That is not an answer. Thank you.

Charles
  • 50,943
  • 13
  • 104
  • 142
angyxpoo
  • 193
  • 2
  • 5
  • 16
  • does the API expect a `post`? Do you first authenticate before putting the URL in the browser? – Christian Phillips Feb 12 '14 at 15:25
  • Why was my post voted down? I searched and this question isn't clearly answered anywhere. – angyxpoo Feb 12 '14 at 15:31
  • Oh I have not tried to POST instead of get. I will try that. and I did authenticate before putting url in browser as well as preforming the GET request – angyxpoo Feb 12 '14 at 15:31
  • I'm not sure why it was voted down? some people don't leave a reason (actually most don't). Anyway, it should say the the API docs how to use the token provided from oAuth, it will probably expect the tokenID to be passed back in the `GET` request. Unfortunately, I can't access the docs for the api. – Christian Phillips Feb 12 '14 at 15:34
  • When i 'POST' instead of 'GET', It returns a '400 (bad request)' error – angyxpoo Feb 12 '14 at 15:35
  • the API docs are strongly geared towards ruby. It doesn't really tell me what to do with the token after I've received it. I feel like these API docs kind of suck anyways. But thanks for your help. I'll try passing the token in the GET request – angyxpoo Feb 12 '14 at 15:38
  • Ignore my `post` question, not sure where I got that from. It looks like you need to supply an `API key`, but it isn't so clear. I'll try and access the docs from home later and update the comments here. – Christian Phillips Feb 12 '14 at 15:44
  • Thanks. I was under the impression that the API key was kind of old news because they use OAuth now... but what do I know. I'm not sure which is supposed to be used now (OAuth or API key). – angyxpoo Feb 12 '14 at 15:48
  • http://stackoverflow.com/users/1229448/greg-s <-- this guy works there, and has an email address in his profile. – Christian Phillips Feb 12 '14 at 15:49

1 Answers1

1

You need to authenticate your request, either using OAuth or the API Key. If you're developing an application for others to use, and you want them to be able to access their Asana data, you probably want to use OAuth - if it's just for a script you run for yourself, your API Key should be fine.

Generally speaking, OAuth has enough nuances that if you're using it (and not intimately familiar with it), we'd recommend using a library of some kind. If you're using jQuery, perhaps https://gist.github.com/andyedinborough/1012960 would help? (Caveat: I haven't tried it myself)

The short version of OAuth is that you need to get a token, which you can then pass to the API in the form of an HTTP header of the form Authorization: Bearer $TOKEN. It sounds like you already have a token, so you just need to add the header and it should work. And yet, GET is the correct verb to use here.

agnoster
  • 3,744
  • 2
  • 21
  • 29
  • Thanks. After doing some research, I see that HTTP headers are in this form: `GET /resource HTTP/1.1 Host: server.example.com Authorization: Bearer mF_9.B5f-4.1JqM` But i'm unsure of how to do the syntax for this? Do I just stick it in my javascript code?? It seems like this isn't correct syntax – angyxpoo Feb 13 '14 at 16:06
  • I Googled for "jquery http header" and found this: http://stackoverflow.com/questions/7686827/how-can-i-add-a-custom-http-header-to-ajax-request-with-js-or-jquery - maybe it helps? – agnoster Feb 13 '14 at 20:04
  • Again, it might be worth using an existing OAuth library if you're not familiar with it - it can be tricky to get right! – agnoster Feb 13 '14 at 20:05