API Token Authentication Confluence -Increased user security
As we continue to move towards a cloud future together, new server app sales and installs are no longer available for customers. You can update app version via Atlassian Marketplace until the end of support for server on Feb 15, 2024. Learn more
Increase security for Confluence REST API data connections from external services with API Tokens instead of username & password
Make your SSO environments better with API tokens
In SAML SSO environments, users often have no local passwords anymore. This makes connecting external scripts, services and apps difficult. With API tokens (Personal Access Token) users can now access 3rd party apps.
Permissions Model & Token Scoping
Group Based Permissions for tokens:
Scoping applicable to individual tokens:
-Read & Write edits issues & tickets
-Read-only creates reports, dashboards, notifications & more
Practical Token Management
The token manager allows you to:
-Create on behalf of
Free PoC & configuration support - schedule a session
API Token Auth brings Personal Access Token to Confluence. Allow API tokens as a secure way of integrating Confluence w/ custom scripts & 3rd-party apps (i.e. Zapier, MS Flow, automate.io etc).
Give admins precise control over the API usage & solve the issue in SSO environments where users can’t use the API due to a lack of passwords.
- Create Tokens per user & services
- Revoke API Tokens anytime
- Token Manager to filter/create tokens for all users
- Permissions for who (users or groups) may create tokens & what scope (read or read-write)
- Audit Logging
- Restrict REST API requests by IP address & range
- Disallow built-in basic authentication w/ username & pw for REST API connections
- Works in all SSO environments
- Compatible with user mgmt apps: SAML Single Sign-On, User Directory Sync, User Deactivator
- Business-class support & proven scalability for small & large enterprises
- Trusted by top healthcare, government & finance firms
Privacy and security
As a user, you can simply create an REST API Token & give it a recognizable name that describes the purpose of this Token.