API Tokens for Jira
Keep your password more secure and use API Tokens instead for REST API calls
Manage API Tokens for integrations
Create and revoke tokens, use them instead of a personal password to keep it more secure
Improve the security of Jira integrations
Auto-expiring 35 chars of token generated by robust algorithms much better than user' password
Keep user's password in secret
Any automation or integration that use Jira REST API would work with a token which can be withdrawn at any time
API Tokens for Jira are a secure way to use scripts and integrate any external applications with Jira Server.
- More secure than password usage
- Simpler than OAuth
- Compatible with Single sign-on (SSO)
- Indifferent to non-ASCII characters and umlauts in user's passwords
- Supports Cookie-based authentication
- Compatible with WebSudo
In addition to basic auth over REST API, you can use API Tokens, by setting the token as a header value, instead of providing password.
If an external system is compromised, you simply revoke the token instead of changing the password and consequently changing it in all scripts and integrations.
Also available API Tokens for Confluence
Restrict basic authentication only to API Tokens, so nobody will use personal passwords on their automation