Establish a webhook
/webhooks Required scope: webhooks:write
Establishing a webhook is a two-part process. First, a simple HTTP POST request initiates the creation similar to creating any other resource.
Next, in the middle of this request comes the confirmation handshake.
When a webhook is created, we will send a test POST to the target with an
X-Hook-Secret header. The target must respond with a 200 OK or 204 No Content and a matching X-Hook-Secret header to confirm that this
webhook subscription is indeed expected. We strongly recommend storing
this secret to be used to verify future webhook event signatures.
The POST request to create the webhook will then return with the status of the request. If you do not acknowledge the webhook’s confirmation handshake it will fail to setup, and you will receive an error in response to your attempt to create it. This means you need to be able to receive and complete the webhook while the POST request is in-flight (in other words, have a server that can handle requests asynchronously).
Invalid hostnames like localhost will receive a 403 Forbidden status code.
# Request
curl -H "Authorization: Bearer <personal_access_token>" \
-X POST https://app.asana.com/api/1.0/webhooks \
-d "resource=8675309" \
-d "target=https://example.com/receive-webhook/7654"
# Handshake sent to https://example.com/
POST /receive-webhook/7654
X-Hook-Secret: b537207f20cbfa02357cf448134da559e8bd39d61597dcd5631b8012eae53e81
# Handshake response sent by example.com
HTTP/1.1 200
X-Hook-Secret: b537207f20cbfa02357cf448134da559e8bd39d61597dcd5631b8012eae53e81
# Response
HTTP/1.1 201
{
"data": {
"gid": "43214",
"resource": {
"gid": "8675309",
"name": "Bugs"
},
"target": "https://example.com/receive-webhook/7654",
"active": false,
"last_success_at": null,
"last_failure_at": null,
"last_failure_content": null
},
"X-Hook-Secret": "b537207f20cbfa02357cf448134da559e8bd39d61597dcd5631b8012eae53e81"
}
Parameters
query Query Parameters
| Name | Type |
|---|---|
opt_fields This endpoint returns a resource which excludes some properties by default. To include those optional properties, set this query parameter to a comma-separated list of the properties you wish to include. | ("active" | "created_at" | "delivery_retry_count" | "failure_deletion_timestamp" | "filters" | "filters.action" | "filters.fields" | "filters.resource_subtype" | "last_failure_at" | "last_failure_content" | "last_success_at" | "next_attempt_after" | "resource" | "resource.name" | "target")[] |
opt_pretty Provides “pretty” output. Provides the response in a “pretty” format. In the case of JSON this means doing proper line breaking and indentation to make it readable. This will take extra time and increase the response size so it is advisable only to use this during debugging. | boolean |
Request Body
The webhook workspace and target.
Responses
Successfully created the requested webhook.
Client Errors
This usually occurs because of a missing or malformed parameter. Check the documentation and the syntax of your request and try again.
errors?:
}
A valid authentication token was not provided with the request, so the API could not associate a user with the request.
errors?:
}
The authentication and request syntax was valid but the server is refusing to complete the request. This can happen if you try to read or write to objects or properties that the user does not have access to.
errors?:
}
Either the request method and path supplied do not specify a known action in the API, or the object specified by the request does not exist.
errors?:
}
Server Errors
There was a problem on Asana’s end. In the event of a server error the response body should contain an error phrase. These phrases can be used by Asana support to quickly look up the incident that caused the server error. Some errors are due to server load, and will not supply an error phrase.
errors?:
}