Wiki
Clone wikiAPI Tokens for Jira / Home
API Tokens for Jira/Confluence
How to configure the plugin?
The app has no configurations and works out-of-the-box.
But do not forget about a valid license. Without it users will be able to manage tokens however, authentication via tokens will not work
Where can I get a token?
With API Tokens plugin each user will get the ability to manage their tokens on the User's Profile page:
Direct link would be {base_url}/secure/ViewProfile.jspa
For Confluence you should additionally choose Settings tab
On the left side at the bottom of a Summary block should be API tokens block with Create API token button like on the image below:
Then:
- Click on Create token button
- Add a meaningful name for a token
- Click generate
- Copy it and use it on automation/integration
How to use API Token?
API Tokens suppose to be used in automation scripts or external integrations that require Jira or Confluence credentials
Here is an example with the curl command
For Jira:
curl -s {baseurl}/rest/api/latest/configuration --user {username}:{token}
For Confluence:
curl -s {baseurl}/rest/api/user/anonymous --user {username}:{token}
General Considerations
- Highly recommended to use a secure transport layer for tokens sending (SSL/TLS)
- Good practice to use one token per script
- Keep tokens in secret as you do for passwords
- Add meaningful labels to each token
What about Data Center or Jira Service Desk support?
Data Center approval was done for Jira and Confluence.
Jira Service Desk is fully compatible at least from v3.14.2 (but might support even lower versions).
A few technical details
- Tokens usage is limited to REST API (URL pattern "/rest/*") and HTTP basic access authentication
- Without a valid license still possible to manage tokens but authentication will not work
- Each token authentication is logged in the following format:
{username} has been authenticated via API Token ({token_id})
- Tokens stored in this table are salted and hashed
- By these IDs you can track requests in logs
- All tokens are securely stored in the following table
- AO_5D4005_TOKEN for Jira
- AO_2DF51C_TOKEN for Confluence
REST API
Get all tokens
GET {baseurl}/rest/api-tokens/latest/
Response example:
[ { "label":"Test Token", "createdAt":1572887594746, "lastAccessed":null, "id":"asp_DquJoZLwlsNJm6gU" } ]
Create token
POST {baseurl}/rest/api-tokens/latest/
Request Payload:
{"label": "New token"}
Response Example:
{"passwordValue":"oKSi1zHsS8H0wM8merxGJ5zY4BvlA0XV0F6"}
Delete token
DELETE {baseurl}/rest/api-tokens/latest/{id}
Response status code:
204
Delete all tokens for the current user
DELETE {baseurl}/rest/api-tokens/latest/all
Response status code:
204
Admin access only
Get tokens for all users
GET {baseurl}/rest/api-tokens/latest/all
Response status code:
200
Response example:
[ { "username": "admin", "count": 2, "tokens": [ { "id": 12, "label": "Jenkins", "usageCount": 12, "createdAt": "2024-06-03T17:13:59.304", "lastAccessed": "2024-06-04T17:13:00.303", "expirationDate": null }, { "id": 13, "label": "Python script", "usageCount": 0, "createdAt": "2024-06-03T17:14:05.791", "lastAccessed": null, "expirationDate": null } ] }, { "username": "user", "count": 1, "tokens": [ { "id": 14, "label": "My Automation", "usageCount": 0, "createdAt": "2024-06-03T17:15:10.582", "lastAccessed": null, "expirationDate": "2024-06-04T17:15:10.415" } ] } ]
API Tokens for Jira
API Tokens for Confluence
info@wombatscorp.com
Updated