
Harvest ID: A New Hope

We have a great team of developers all over the world constantly improving Harvest in the background—optimizing the infrastructure, pushing version updates, tweaking the database, etc. These things can’t easily be shown with flashy animated GIFs like when we release new features, but they’re essential in keeping our products secure, reliable, and fast. In this post I’d like to talk about one of these projects.

I’ve spent a year and a half of my career on this new system we call Harvest ID, and it’s been one of the most rewarding and challenging projects I’ve ever worked on. It’s also a very important step for us technically, a stepping stone that let us clean up a lot of technical debt and paved the way for a lot of features that wouldn’t have been possible without it.

We migrated almost one million users to this new system, we built and improved features where security is absolutely essential, like password resets and invitations, and we had endless discussions about the impact on usability for the various flows that Harvest ID provides. And we did all this without a single second of downtime.

I hope you enjoy this read as much as I enjoyed working on this project.

Authentication is very important. It’s the key that gives you access to doing anything at all with Harvest, and it involves much more than just entering your email and password on a sign-in page.

More than ten years ago, when Harvest was launched, you could sign in using your email address and password. Some time later, we started offering an API that let you pass your credentials with Basic authentication. When the iPhone started to be a thing, we built our first version of Harvest for iPhone. Some time later, we implemented the new standard OAuth2, making third-party apps easier and more secure to build. In 2014 we launched another product, Forecast, which integrates very tightly with Harvest.

All of these different features have one thing in common: they provide access to your Harvest accounts, and that access has privacy and security implications that we take very seriously.

Harvest started with a very simple solution for the needs it had ten years ago, but with time, authentication became more and more complex to manage. This complexity wasn’t intentional; it was the outcome of many years of changes and improvements. This is perfectly normal in the world of software development, where it’s important to not just extend and add new features but also take a step back and clean up anything that has become too complex.

This slide from an internal presentation two years ago made it clear that it was time for us to take that step back (don’t worry—a lot has changed since then!):

Talk Over the Internet – Authentication

Harvest ID

One of the ways we’ve solved these problems in the past is to rebuild small sections from scratch, giving us new, cleaner code. It’s also possible to take this one step further, though, and build a whole new app. This has the added benefit of removing the complexity from the original codebase and having a very small new application that’s a lot easier to maintain.

We unveiled Forecast almost two years ago, when we had already learned from our past and decided that authentication was something that could be done in a different app. We tried out our proof of concept and found that it worked well for Forecast, so the next step was to expand on the idea and get Harvest to use it, too. We named the new app Harvest ID.

Beyond cleaning up our authentication code, we knew that investing in Harvest ID would have many other benefits, some obvious, like easily switching between Harvest and Forecast accounts, and others less visible, like improving how we implement some parts of Harvest that really need some love. We’ll explain some of these more in depth in a future blog post, but security has always been at the forefront of this project, and that’s what I want to dig into now.


Security is a complex concept. No one can ever say with 100% confidence that a system is completely secure; what’s considered secure changes with time, as hackers get craftier and new best practices emerge. Security is a spectrum, and we’re constantly trying to move towards the more secure end of it. Ensuring security involves many different areas and practices, from keeping our servers and packages up to date and storing private information securely to using mathematically proven secure algorithms and nudging our customers towards stronger passwords or informing them when something might be amiss.

With Harvest ID, our products are now several steps closer to the place we’d like to be with regard to security:

  • We’re now based on tokens with limited lifetimes. Someone hacking an account has a limited time during which to do any damage, and we can revoke access at any point.
  • It’s much more flexible than before. We’ll be able to build new features in the future that would’ve been very complicated to build in the days before Harvest ID.
  • Harvest ID is a very small application, which makes it a lot easier to maintain. We can run the whole test suite in ten seconds, as opposed to the ten minutes it takes to run Harvest’s. A small application has fewer bugs and lets us be way more thorough with QA. This is very important when we’re talking about such a key part of a system.
  • Harvest and Forecast can join efforts in this area. Any improvements or vulnerability fixes in our authentication code will automatically apply to both products.
  • There’s a good chunk of functionality that doesn’t live in Harvest anymore—signing in, password resets, invitations, etc. That means Harvest got simpler, and we know simpler apps are more secure, right?


Harvest ID is, at its core, a token generator that can work as an OAuth2 provider. When accessing any of our products, we always expect an access token to be in your cookies. If it’s not there, we just tell you to go to Harvest ID and sign in to get a new one.

If you type the correct email and password into Harvest ID, we issue a new access token with a limited lifetime. That token stays in your cookies, signed and encrypted to make it a little bit more annoying for Evil Hackers to play with it, and once it expires, it stops working and you need a new one to access our apps. Signing out also invalidates it, making sure hackers can’t do anything else with it.
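The token lifecycle described above (issue on sign-in, limited lifetime, signed cookie, invalidation on sign-out), as an added example that is not Harvest's code. The function names, the one-hour lifetime, the HMAC-SHA256 signature and the in-memory token store are all assumptions; the encryption layer the post mentions is left out to keep the example to the standard library.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: per-process key for the demo
TOKEN_TTL = 3600                       # assumption: one-hour token lifetime
ACTIVE = {}                            # token id -> expiry, the server-side record


def _mac(payload: bytes) -> bytes:
    digest = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)


def issue_token(user_id, now=None):
    """Called after a correct email/password; returns the cookie value."""
    now = time.time() if now is None else now
    claims = {"tid": secrets.token_urlsafe(16), "uid": user_id, "exp": now + TOKEN_TTL}
    ACTIVE[claims["tid"]] = claims["exp"]
    payload = json.dumps(claims).encode()
    return (base64.urlsafe_b64encode(payload) + b"." + _mac(payload)).decode()


def _verified_claims(cookie):
    """Return the claims only if the signature matches, else None."""
    try:
        body, sig = cookie.encode().split(b".", 1)
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, AttributeError):
        return None
    if not hmac.compare_digest(sig, _mac(payload)):  # constant-time compare
        return None
    return json.loads(payload)  # parsed only after the signature checks out


def verify_cookie(cookie, now=None):
    """Return the user id, or None when the app should redirect to sign-in."""
    now = time.time() if now is None else now
    claims = _verified_claims(cookie)
    if claims is None or now >= claims["exp"]:
        return None  # missing, tampered or expired
    if claims["tid"] not in ACTIVE:
        return None  # signed out or revoked server-side
    return claims["uid"]


def sign_out(cookie):
    """Invalidate the token so a copied cookie stops working immediately."""
    claims = _verified_claims(cookie)
    if claims is not None:
        ACTIVE.pop(claims["tid"], None)
```

The server-side record is what makes sign-out and revocation take effect before the expiry time; a signature alone would keep a copied cookie valid until it expired.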

Our own mobile apps use Harvest ID as a good old OAuth2 provider. They use a password grant to get a pair of access and refresh tokens, just like they used to, with the added benefit that you can use these tokens for all your accounts, making it easier than ever to switch accounts with our mobile apps—something that wasn’t possible before. Spoiler alert: The Harvest for Mac app will support this very soon, too!

We foresee a future where all API access to Harvest will also benefit from Harvest ID so third-party apps can provide new, better ways to work with Harvest and, eventually, Forecast.

I’m so glad to have been part of this amazing journey. We officially started the project to integrate Harvest ID with Harvest in October 2014 and silently released the first batch of changes internally in early 2015 before slowly migrating all features from Harvest into Harvest ID. We migrated everyone with a single Harvest account during March 2015 and everyone else in the next few months. We re-built most of the sign-up code at the same time, and by the end of 2015, everyone was accessing Harvest via Harvest ID.

We haven’t been idle since then. We’ve continued to improve Harvest ID and will keep doing so in the months to come. I’m really looking forward to the new feature announcements we’ll be making in the near future.

This ambitious project wouldn’t have been possible without the fantastic team here, from my fellow developers to our amazing DevOps, tireless QA, and the nicest team of Experts around. I especially couldn’t have done it without Lorenzo, one of our security experts and an incredible resource and cheerleader during this transition.

Stay tuned for upcoming news about Harvest ID!

Smarter Filtering in Forecast: Project Tags, Search, and Multiple Options

Filtering the schedule in Forecast is one of the best ways to focus when planning your team’s time. You’re most often scheduling—or looking at the schedule of—a single person or project, and all other visible rows can become quite distracting.

Today, we’re excited to announce a big release that expands the current filtering in Forecast and includes several new features to help you work smarter. Watch the video below to get a better understanding of the new filter, and read on for more details.

Project Tags

Tagging people in Forecast has always been powerful: filtering the Team View down to a specific skill, team, department, or even location allows you to find just the person you want to see. So we’re bringing tagging to your projects, offering that same flexibility in the Projects View.

Now you can filter your projects by the project tags you create: project owner, sales funnel, budget, phase, department, or whatever makes sense for your needs. And unlike color labels, you can have multiple tags on a single project! Project tags open the door to an all new way of managing your projects in Forecast.


Instead of just selecting a color label or tag from a list, you can now filter the schedule just by typing and the schedule will filter in real-time as you type. But we’ve also expanded what you can search for, which offers all new options to filter your schedule.

  • Projects View: You can now search by client name, project name, project code, color label, or project tag.
  • Team View: You can now search by person name, email, or team tag.

Want to see all projects for a single client? Just type in the name of that client on the Projects View. Looking for a specific designer? Type in their name and see just that person. It’s that simple.

Multiple Options

In the past you could only filter Forecast by a single color or tag at a time. Now you can filter by multiple options to find just what you’re looking for.

  • Simply use a space when you need to further filter down your results. For example: want to see just designers in the Spanish office? Just type designer Spain to find everyone on the team that has both of those team tags.
  • If you’d like your schedule to include all results across multiple options, use the word “or” in your search. For example: if you want to see all your designers and all your developers at the same time, just type designer or developer. Want to see all orange and all blue projects? Type orange or blue.

These options work for anything you can search for on the schedule, as listed above.

At Harvest we continuously strive to help your team work smarter. With the added ability to tag your projects and the update to Forecast’s filtering options, you now have greater flexibility to help you focus on scheduling.

If you aren’t using tags and filters yet, now’s the best time to start! If you have any questions, please don’t hesitate to reach out to the team at

Easier Editing from Your Reports

Sometimes something small can make a huge difference. Think about adding salt to your French fries or taking a few moments to clear your mind before tackling a project. We recently made a tiny change to Harvest, but we think it’ll have a big impact on the way you edit time or expense entries.

Currently, our Detailed Time and Expense reports let you easily review your work. But what if you notice an error and need to edit? The report was a dead end, with no easy way to make changes.

Now, we’ve removed that dead end. As of today, when you click on any time listed in the Hours column of a Detailed Time report, or an amount in the Amount column of an Expense report, you’ll be taken right to that entry. Here’s what it looks like for time:


One thing to note: Previously, clicking an amount in your Expense Report would open the expense’s receipt (if one was attached). Now, you can get to that receipt by clicking the paperclip icon to the right of the amount.

We hope that this update makes editing entries easier, so you have more time for what really matters—getting that clear headspace so you can get to work!

In the Field: How ‘Discernment’ Allows Anchour to Do Great Work for Its Clients

Part of our company mission is to help people work smarter—and that doesn’t stop with our products. We believe we can all benefit from sharing the collective wisdom of our community. That’s why we’ve created this column called In the Field.

In it we’ll feature interviews with Harvest customers, unpacking how they work, how their teams are organized, and what makes them unique. Hopefully it will allow you an opportunity to peer inside someone else’s company and provide some insights that you can take back to your own work.

For our first In the Field column we head to Lewiston, Maine to chat with Anchour, a branding, design, and web development firm. Managing Director Stephen Gilbert talks to us about how he got his start, how the Anchour team works together, and how the element of ‘discernment’ allows them to deliver quality work for their clients.

Continue reading…

Edit Forecast Assignments and Milestones Without Losing Your Place

One of Harvest Forecast’s founding principles was to be frictionless. Today, we release a simple update that should further minimize friction when scheduling.

Now when you create or edit an assignment on the Forecast schedule, you’ll have access to the edit form right next to that assignment. This also goes for milestones. This change keeps you in context with the project or person that you’re planning, so you’re in and out of Forecast even faster.


As an added bonus, we’ve also added a Cancel button to the edit form. If you have any questions, don’t hesitate to reach out to the team. Happy scheduling!

Harvest for QBO: Control If Payments Copy Over

We realize everyone’s workflow might be a bit different, which is why we’ve added some long-overdue flexibility to our QuickBooks Online integration. You can now control if your Harvest invoice payments get copied to QuickBooks Online. If you manage your payment process in QBO, this means you won’t have to worry about duplicate payments getting copied to QBO anymore!

Administrators can configure this setting by going to Settings in the upper-right corner and scrolling down to the Integrations section. Click Edit Settings next to QuickBooks Online. You’ll see that you can turn copying payments on/off:


Additionally, we made another small update to the integration. If an email reminder gets sent out for a Harvest invoice, that invoice will no longer automatically recopy to QBO. Invoices that have been copied to QBO will only recopy if you go to More Actions > Copy to QuickBooks Online, or if you receive a payment on the invoice.

You can learn more about our Harvest for QuickBooks Online integration here. If you have any questions or feedback, get in touch with us.

Parting Ways with Difficult Clients (Using Data)

Letting go of clients is a painful decision. You become invested in their business and want them to succeed. But sometimes the economics of a client relationship just don’t work out.

At the end of the day, every business needs to turn a profit. If you discover you’re losing money on a client, it may be time to part ways. But how do you figure this out? Your intuition might be telling you a client isn’t working out, but you need data to be 100 percent sure.

This is the position Shareef Defrawi, president and founder of Bonafide, a Houston-based digital marketing agency, found himself in when he decided to take his business in a new direction. Bonafide began life as an SEO agency, but as the digital space evolved, Shareef realized he could better serve his clients by embracing a more holistic marketing strategy. This new approach drove considerably more value—but at a higher price. Continue reading…

Track Time from Safari

The title says it all: you can now track time right from your Safari toolbar once you download our new extension. You can start/stop a timer, enter time, or see if a timer is running without having to fully open up Harvest in your browser.

Better yet, this extension will allow you to track time right in Basecamp or Trello. Previously, you had to use Chrome to track time in these apps. Now, once you download the Safari extension, you’ll see timers appear right inside Trello and Basecamp so you’ll never have to leave your account to track time.

Safari Extension

To download the Harvest for Safari extension, follow the instructions here. If you have any feedback or questions, drop us a line!

Smaller Increments and More Flexible Scheduling in Forecast

Scheduling your team is a fundamental part of Forecast. On average, our customers create 50,000 new assignments every week—that’s a lot! Today, we’re releasing a major update to scheduling in Forecast that offers you tremendously more flexibility when assigning:

  • Assign time in smaller increments than whole hours (e.g. 0.5, 3.68, etc)
  • Select 7.5 as an option for Max Hours/Day (this allows you to set a 37.5-hour workweek)
  • Quickly adjust the Total Hours for any assignment, instead of only its Hours/Day (more on this below)
  • Other workflow improvements for faster assigning

The above changes make a wider range of scheduling options available to you in Forecast. You can now assign a project manager that is only sitting in on a 15-minute meeting (0.25 hours/day). You can also accurately book a 37.5-hour workweek without unnecessarily over- or under-booking your team’s schedules.

New Ways to Assign in Forecast

We want Forecast to be even better for high-level planning and have done just that by now allowing you to adjust the Total Hours for an assignment. Here are some examples illustrating how you can use this feature to plan at a higher level:

  • Hours/Week — You want your developer to work 30 hours on a project each week for the next few weeks. Simply create a Monday-Friday assignment, enter 30 into Total Hours to show hours/week, and repeat this assignment for as many weeks as needed.
  • Hours/Month — You plan to work 100 hours on a project for the entire month. Create an assignment from the first business day of the month through the last, and enter 100 into Total Hours.
  • Hours/Phase — You just won a new project and you want to assign 60 hours over the first three weeks to a designer. You can create one assignment for those three weeks, and enter 60 into Total Hours.

In each scenario, Forecast will do the math for you to break the assignment down to the proper Hours/Day. We’ve created a short, 2-minute video that highlights these new concepts. We highly recommend you watch it as you’ll learn some insightful ways to work faster in Forecast:

If you have any questions, don’t hesitate to reach out to the team. Happy scheduling!

Paying by Credit Card Just Got Easier for Your Clients

A quicker payment process for your clients means you’ll get paid faster. If you’re using our Stripe integration to accept payments online, your clients will now only have to enter their credit card information once and it’ll be remembered for all future payments. Yep, that’s right. Once.

The invoice payment form where your client enters their credit card information will look and work the same way. The key new addition is Stripe’s Remember Me feature. If your client selects this, they’ll need to provide their mobile phone number. Stripe securely identifies your client via text message so they don’t have to retype their payment information when they go to pay you in the future. It’s as simple as that!

Stripe Remember Me

We did have to change the way Harvest invoices get sent out in order to make this happen. If you have multiple recipients on an invoice, the invoice will get emailed separately to each recipient. Everyone will no longer be on the same invoice email. However, we did add copy to the bottom of the invoice so that you can quickly tell who else received the invoice:

Invoice Recipients

Stripe has done some research that confirms that a client whose credit card details are saved is less likely to abandon the payment form. This latest update should take away any client’s excuse to procrastinate paying your invoice! If you have any questions, please reach out to us.