Clone wiki

API Tokens for Jira / Home

API Tokens for Jira/Confluence

How to configure the plugin?

Plugin has no configurations and works out-of-the-box.

But do not forget about a valid license. Without it users will be able to manage tokens however, authentication via tokens will not work

Invalid license message

Where can I get a token?

With API Tokens plugin each user will get an ability to manage own tokens on the User's Profile page:

Link to profile page
Direct link would be {base_url}/secure/ViewProfile.jspa

For Confluecne you should additionally choose Settings tab

On the left side in the bottom of a Summary block should be API tokens block with Create API token button like on image bellow:

User Profile with no tokens


  • Click on Create token button
  • Add a meaningful name for a token
  • Click generate
  • Copy it and use on automation/integration

How to use API Token?

API Tokens suppose to be used in automation scripts or external integrations that requires Jira or Confluence credentials

Here is an example with curl command

For Jira:
curl -s {baseurl}/rest/api/latest/configuration --user {username}:{token}

For Confluence:
curl -s {baseurl}/rest/api/user/anonymous --user {username}:{token}

General Considerations

  • Highly recomended to use secure transport layer for tokens sending (SSL/TLS)
  • Good practice to use one token per one script
  • Keep tokens in secret as you do for passwords
  • Add meaningful labels to each token

What about Data Center or Jira Service Desk support?

Data Center approval done for Jira and for Confluence.

Jira Service Desk fully compatiable at least from v3.14.2 (but might support even lower versions).

A few technical details

  • Tokens usage is limited to REST API (URL pattern "/rest/*") and HTTP basic access authentication
  • Without valid license still posible to manage tokens but authentication will not work
  • Each token authentication logged in followin format:
    {username} has been authenticated via API Token ({token_id})
  • Tokens stored in this table salted and hashed
  • By this IDs you can track requests in logs
  • All tokens securely stored in following table
    • AO_5D4005_TOKEN for Jira
    • AO_2DF51C_TOKEN for Confluence


Get all tokens

GET {baseurl}/rest/api-tokens/latest/

Response example:

[ { "label":"Test Token", "createdAt":1572887594746, "lastAccessed":null, "id":"asp_DquJoZLwlsNJm6gU" } ]

Create token

POST {baseurl}/rest/api-tokens/latest/

Request Payload:
{"label": "New token"}

Response Example:

Delete token

DELETE {baseurl}/rest/api-tokens/latest/{id}

Response status code:

Delete all tokens for current user

DELETE {baseurl}/rest/api-tokens/latest/all

Response status code:

API Tokens for Jira
API Tokens for Confluence