Wiki
Clone wikiAPI Tokens for Jira / API Tokens plugin
Tokens Management
Where can I get a token?
After plugin installation each Jira user get an ability to manage own tokens on View Profile page:
- User Avatar > Profile
- or directly by the link {base_url}/secure/ViewProfile.jspa
On left column Summary
At the bottom (below Groups section)
New section API tokens will be present
How to create a new token?
From the beginning, users see Create API token and message that there are no tokens yet.
- So click Create API token button
- Add Label and click Create button
- Copy generated API Token
How to revoke tokens?
Please revoke token when it became unnecessary or was exposed somewhere.
Users can revoke each token (Revoke) or all of them (Revoke API Tokens).
After that Confirmation pop-up will be shown.
General recommendations
- Use meaningful Label appropriate to the place where tokens will be used
- For security reason, it is recommended to use a token per each script
- Keep API Tokens in secret as you do with passwords
- Strongly recommended to use secure HTTPS communication
How to use that token?
Tokens could be used in the same way as passwords in basic access authentication.
Example for curl
command:
curl -s --user {jira_username}:{generated_token} {jira_rest_endpoint_url}
So real curl
command would look like following:
curl -s --user admin:PExRHkVGE5Da5BpwESbtpKJnUqUEyDmvsRt https:wombatscorp.com/jira/rest/api/latest/configuration
curl -s --user admin:PExRHkVGE5Da5BpwESbtpKJnUqUEyDmvsRt https:wombatscorp.com/confluence/rest/api/latest/accessmode
A few technical details
Tokens consist of 35 chars generated using SecureRandom and alphabet of 0..9 and A..z
No plain-text tokens stored anywhere (only salted hash of them)
Tokens data stored in DB (AO_5D4005_Tokens
table)
The plugin covers only REST API calls ({jira_domain}/rest/*
)
And only HTTP basic auth calls (with HTTP Header Authorization: Basic {credentials}
)
Basic auth with password still available to end-users
It works even for SAML / SSO users
____________________________________________________________
On any additional questions please contact me via email
info@wombatscorp.com
Updated