Are reminders proactively sent prior to API Token exiration? Other than setting an Outlook reminder, is there a way to set up Atlassian to send a notification before API tokens expire? For example, our GitHub token expired without anyone knowing?
Hello Matt!
Yes, reminders are sent to the user that requested the API Token one month prior to expiration.
I use service accounts as well so in this situation I set up my own calendar reminders a month before the API token expire as I don't monitor their inboxes.
Jason has the core of it. The reminder email goes to the person who created the token, and only to them.
The gap that bit you is on the admin side. There's no org-level alert or inventory that tells an admin some token in the org is about to lapse, so if the owner isn't watching their own inbox it slips straight past, which is pretty much what happened with your GitHub one. Atlassian has an open request for exactly this (ID-8781), still gathering interest as of this week, if you want to throw a vote on it.
On timing, Atlassian doesn't publish a fixed number of days and you can't configure it. From what people see in practice the mail arrives close to the expiry date and it's a single reminder, so on an account nobody logs into it's easy to miss.
The owner can always check the exact date at id.atlassian.com under Security > API tokens. For anything unattended I'd keep doing what you mentioned with the calendar reminders, ideally on a dedicated service account, and rotate a couple of weeks ahead so it survives someone being on leave.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.