re:solution vs Atlassian API Token

Some apps are built differently

We took on the task of deeply testing, analyzing, and comparing re:solution’s API token for Jira, Confluence, and Bitbucket with Atlassian’s Data Center and Server built-in feature. The results surprised us. Some vital Token Security features implemented in this plugin are unmatched.

But don’t take our word for it; check the results on your own and let us know your thoughts.

Integration & Compatibility

re:solution

  • Read-only and Read-Write Token scopes

    Grant Read-only or Write permissions to requests against your instance authenticated with API tokens.
    Preview

  • Create API tokens for other users

    When the permission has been granted
    by the admin, create and manage tokens on behalf of other users.
    Preview

  • Easy configuration changes

    Easily change the app settings in the system wide settings tab, or simply use the configuration wizard.
    Preview

  • Basic and Bearer Authentication

    Connect API Tokens with Basic and Bearer authentication method; connect all kinds of 3rd party integrations with API tokens.
    Preview

Atlassian

  • Read-only and Read-Write Token scopes

    Atlassian doesn’t have that concept of scopes. Permission is set to the access level the user currently has.
    Preview

  • Create API tokens for other users

    Not available.
    Users can only create tokens
    for themselves.

  • Easy configuration changes

    Changes require modifying the system property file and a restart of your Atlassian product.

  • Basic and Bearer Authentication

    Atlassian only supports Bearer authentication tokens; which some times is not supported by some 3rd party apps.
    Preview

Enhanced Security

re:solution

  • Restrict API by IP address and range

    Define which IP addresses or ranges can make requests. Restrictions can be made for all tokens and individually.
    Preview

  • Revoke API tokens of other users

    Tokens can be easily revoked in the
    Token Manager console by admins or users
    with granted permission.
    Preview

  • Header / Value Restrictions for tokens

    Deny or allow access for requests with a token based on HTTP headers and their values, including regular expression support.
    Preview

  • Enforce OpenPGP Encryption

    When selected, users creating tokens on behalf others need to provide the recipient’s OpenPGP key as an extra security layer.
    Preview

Atlassian

  • Restrict API by IP address and range

    Feature not available.

  • Revoke API tokens of other users

    Admins can see a list of all tokens created and revoke any of them.
    *Only available in Data Center
    Preview

  • Header / Value Restrictions for tokens

    Feature not available.

  • Enforce OpenPGP Encryption

    Feature not available.

Tokens' management and permissions

re:solution

  • Token permissions granular control

    Who can use tokens, create tokens, and create tokens on behalf.
    Preview

  • Notification for tokens expiring soon

    We provide a flexible scriptrunner script that sends expiration alerts to the token owners and other users in the desired date frequency.
    Preview

  • Request Rate limit

    Per token basis.
    Preview

  • Expired token automatic deletion

    Only manually or by running an automation.

  • Restrict auth to specific cluster nodes

    Select on which nodes it will be allowed to authenticate with API tokens.
    Preview

Atlassian

  • Token permissions granular control

    Not Available. There are no restrictions or permissions control on Atlassian’s API Tokens.

  • Notification for tokens expiring soon

    The token creator and admin can see which tokens will soon expire and get a notification.
    Preview

  • Request Rate limit

    Per user basis.
    Preview

  • Expired token automatic deletion

    Delete expired tokens automatically.

  • Restrict auth to specific cluster nodes

    Feature not available.

Token Monitoring & Transparency

re:solution

  • API tokens browser

    Browse by: Name (description), Author (multiple selection), User scope, Rate limit, Creation, expiration and last used date.
    Preview

  • Audit Log

    Define how authentication attempts should be logged into the audit log, and get granular data of the app's use.
    Preview

Atlassian

  • API tokens browser (Only for DC)

    Browse by: Name Author (single selection) Creation, expiration and last used date.
    *Only available in Data Center
    Preview

  • Audit Log

    Atlassian’s audit log offers few data and no configuration control of what information should be part of the log file.

Table of Contents

Book a call with our API Token experts

Do you want to learn more about API Token or see it in action? Need help to better understand your options? Or maybe you need help configuring a complex scenario. Whatever the reason, our team will be happy to guide you.