API Token Authentication

Shine light on your Jira and Confluence APIs

Eliminate API usage risks by replacing user passwords with personal access tokens.

Don’t you want to know what’s hiding under the radar? Replace user passwords with personal access tokens to unveil shadow IT connections into your Atlassian APIs. Diminish the risk of disclosing sensitive information.

API Token Authentication Product Guide

Get Started with API Token Authentication

Admin Guide

Install and Manage API Token Authentication

Administrators can adjust the app settings in the corresponding management section.

Get it running ⟶

User Guide

Create API Tokens

Users can manage their tokens by clicking on the profile icon and selecting the API Token Authentication link.

Get started ⟶

Knowledge Base

Sample API calls

Use examples of API calls with authentication tokens in a number of programming languages and using third-party services like Zapier or ServiceNow.

See the examples ⟶

Resolution API Token vs. Atlassian API Token

Feature	Resolution API Token	Atlassian API Token
Read-only and Read-Write Token scopes		Read-Only
Easy configuration changes
Restrict API by IP address/ range
Revoke API tokens of other users		Only for DC
Create API tokens for other users
Header / Value Restrictions for tokens
Basic and Bearer Authentication		Only Bearer
Enforce OpenPGP Encryption
Token permissions granular control
Notification for tokens expiring soon	Only with Script runner
Request Rate limit
Expired token automatic deletion
Restrict auth to specific cluster nodes
API tokens browser
Audit Log		Only for DC

Video Overview

API Token
Token Benefits
Tutorial

Increase security for REST API data connections for Jira & Confluence with API tokens instead of username & password.

Play Video about api token authentication

There are multiple scenarios where API Token Authentication provides benefits. Learn here more about the plugin.

Play Video about Value API Token

In this tutorial, we will show you our API Token Authentication app, which brings the API concept to Jira and Confluence.

Play Video about api token setup

Try Out For Free on the Marketplace

Keep learning abut API security

Why API Token Authentication should replace Bitbucket personal tokens

Why API Token Authentication should replace Bitbucket personal tokens

How API Token Authentication helped Automation Consultants secure their Jira Server

How API Token Authentication helped Automation Consultants secure their Jira Server

Why No-Code Platforms Can't Hash Your Password

Why No-Code Platforms Can't Hash Your Password

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Accept Selection

Necessary

Always Enabled

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_gat_UA-44969175-9	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
CONSENT	16 years 3 months 13 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
b3e783bb62	session	This cookie is set by the provider Zoho. This cookie is used for collecting information on user interaction with the web-campaign content. This cookie helps the website owners to promote products and events on the CRM-campaign-platform.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_calendly_session	21 days	Store user preferences
_zcsr_tmp	session	Used for website security
1e5a17c8ab	session	No description available.
3eb9b21c5c	session	No description available.
4662279173	session	No description available.
AnalyticsSyncHistory	1 month	Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
d4bcc0a499	session	No description available.
li_gc	2 years	Used to store consent of guests regarding the use of cookies for non-essential purposes
m	2 years	No description available.
zft-sdc	12 hours	This cookie stores metadata ( entrances, source etc) of a session which is used by full tracking. (https://www.zoho.com/privacy/cookie-policy.html)
zps-tgr-dts	1 year	This cookie stores the session's metadata on your website.
zsc	30 minutes	Zoho Service Communication Key.