Community resources
Community resources
Community resources
- Community
- Q&A
- Jira Product Discovery
- Articles
- Deprecation of classic API token access for Jira Product Discovery GraphQL queries
Deprecation of classic API token access for Jira Product Discovery GraphQL queries
What’s changing
We’re deprecating classic API tokens for Jira Product Discovery in favour of scoped, fine-grained tokens. These tokens provide better security and least-privilege access, aligning with the broader Atlassian token modernisation initiative.
A small number of GraphQL queries will stop accepting API Tokens after Oct 31, 2026.
New JPD token scopes
Use the following scopes when creating fine-grained tokens for JPD Atlassian GraphQL queries:
-
read:insight:jira-product-discovery
-
write:insight:jira-product-discovery
-
delete:insight:jira-product-discovery
-
read:view:jira-product-discovery
-
write:view:jira-product-discovery
-
delete:view:jira-product-discovery
-
read:project:jira-product-discovery
Why we’re doing this
-
Least privilege and better security posture via explicit scopes and reduced blast radius.
-
Future-proofing: access to upcoming capabilities and improved auditability.
-
Operational clarity: easier token management, rotation patterns, and ownership hygiene.
What you need to do
-
Locate all apps and integrations that use classic Jira access tokens. See the table below for queries and mutations affected.
-
Create a new fine-grained token with only the scopes your integration requires (see scope list above).
-
if the query no longer support API tokens, remove it from your integration
-
-
Update your integration configuration to use the new token and validate end-to-end.
-
Rotate and retire classic tokens after successful verification.
You can read more about access tokens here https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/
Affected GraphQL queries
|
Query/mutation |
Scope required |
|---|---|
|
write:insight:jira-product-discovery
|
|
delete:insight:jira-product-discovery
|
|
read:insight:jira-product-discovery
|
|
write:view:jira-product-discovery
|
|
read:view:jira-product-discovery
|
|
read:project:jira-product-discovery
|
|
No longer supports API token access! |
Migration tips and best practices
-
Apply only the scopes you need; start with read-only to validate, then add write/delete as required.
-
Use environment variables or secret managers to store tokens; avoid hard-coding in scripts.
FAQ
Does this deprecation remove Basic authentication for JPD APIs?
No. If you currently use Basic auth with a token, you can continue using Basic auth with a fine-grained token. The change is that tokens now carry scopes, enabling least-privilege access.
How do I choose the right scopes for my integration?
Map each JPD GraphQL query your integration calls to the minimal matching scope(s). Start with the read scopes, then add write/delete scopes only where updates or deletions are required.
What happens if I don’t migrate in time?
Any integration still using classic tokens will fail authentication after. We recommend migrating as soon as possible to avoid disruption.
Where can I find more information on access tokens?
You can read more about access tokens here: https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/
How can I use those tokens?
You can use those tokens to query Atlassian GraphQL Gateway to create insights, fetch insights and more.
Please remember that those API remain in beta and may change.
In case of questions
You can always contact us by commenting under this post or raising a support ticket.
Was this helpful?
Thanks!
Piotr Pawluk
0 comments