#QOTW: What is the value of our API Token Authentication app?
Updated: Jun 16
There are multiple scenarios where the API Token Authentication app provides benefits.
One of the first ones is in Single Sign-On environments, where users often don't have local passwords or usernames anymore. They can't use basic auth on the API anymore. That's a very common mechanism that third-party integrations like Zapier, Microsoft Flow, used to use the Jira or Confluence API. In #SSO environments very often users can't use these API connections.
The other value is that API tokens are generally considered more secure than using basic auth with essentially your normal enterprise password. They are are complex long strings and can have an expiry date. You can have a different one per app/script and revoke them, if the token got lost. But there's also a lot more admin control that you can do on the API. And with our plugin, you can for example disable the username and password basic auth completely, you can also define groups that can create, manage tokens that can use tokens, et cetera.