re:solution vs Atlassian API Token
Some apps are built differently
We took on the task of deeply testing, analyzing, and comparing re:solution’s API token for Jira, Confluence, and Bitbucket with Atlassian’s Data Center and Server built-in feature. The results surprised us. Some vital Token Security features implemented in this plugin are unmatched.
But don’t take our word for it; check the results on your own and let us know your thoughts.
Integration & Compatibility
re:solution
-
Read-only and Read-Write Token scopes
Grant Read-only or Write permissions to requests against your instance authenticated with API tokens.
Preview -
Create API tokens for other users
When the permission has been granted
by the admin, create and manage tokens on behalf of other users.
Preview -
Easy configuration changes
Easily change the app settings in the system wide settings tab, or simply use the configuration wizard.
Preview -
Basic and Bearer Authentication
Connect API Tokens with Basic and Bearer authentication method; connect all kinds of 3rd party integrations with API tokens.
Preview
Atlassian
-
Read-only and Read-Write Token scopes
Atlassian doesn’t have that concept of scopes. Permission is set to the access level the user currently has.
Preview -
Create API tokens for other users
Not available.
Users can only create tokens
for themselves. -
Easy configuration changes
Changes require modifying the system property file and a restart of your Atlassian product.
-
Basic and Bearer Authentication
Atlassian only supports Bearer authentication tokens; which some times is not supported by some 3rd party apps.
Preview
Enhanced Security
re:solution
-
Restrict API by IP address and range
Define which IP addresses or ranges can make requests. Restrictions can be made for all tokens and individually.
Preview -
Revoke API tokens of other users
Tokens can be easily revoked in the
Token Manager console by admins or users
with granted permission.
Preview -
Header / Value Restrictions for tokens
Deny or allow access for requests with a token based on HTTP headers and their values, including regular expression support.
Preview -
Enforce OpenPGP Encryption
When selected, users creating tokens on behalf others need to provide the recipient’s OpenPGP key as an extra security layer.
Preview
Atlassian
-
Restrict API by IP address and range
Feature not available.
-
Revoke API tokens of other users
Admins can see a list of all tokens created and revoke any of them.
*Only available in Data Center
Preview -
Header / Value Restrictions for tokens
Feature not available.
-
Enforce OpenPGP Encryption
Feature not available.
Tokens' management and permissions
re:solution
-
Token permissions granular control
Who can use tokens, create tokens, and create tokens on behalf.
Preview -
Notification for tokens expiring soon
We provide a flexible scriptrunner script that sends expiration alerts to the token owners and other users in the desired date frequency.
Preview -
Request Rate limit
Per token basis.
Preview -
Expired token automatic deletion
Only manually or by running an automation.
-
Restrict auth to specific cluster nodes
Select on which nodes it will be allowed to authenticate with API tokens.
Preview
Atlassian
-
Token permissions granular control
Not Available. There are no restrictions or permissions control on Atlassian’s API Tokens.
-
Notification for tokens expiring soon
The token creator and admin can see which tokens will soon expire and get a notification.
Preview -
Request Rate limit
Per user basis.
Preview -
Expired token automatic deletion
Delete expired tokens automatically.
-
Restrict auth to specific cluster nodes
Feature not available.
Token Monitoring & Transparency
Atlassian
-
API tokens browser (Only for DC)
Browse by: Name Author (single selection) Creation, expiration and last used date.
*Only available in Data Center
Preview -
Audit Log
Atlassian’s audit log offers few data and no configuration control of what information should be part of the log file.