API tokens will now have a maximum one‑year expiry

Thanks for the article @Vijay Dadi 

I looked at the documentation link in the email - https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/ - and it does not look to have been updated yet it seems. I would expect it to mention this deadline and the change on there.

My first thoughts are that that is great - it instils better security in many peoples minds. I am also happy about the "Note: This does not affect existing API tokens" as we have about between 5 to 10 that are setup already.

What we do is we create recurring tasks for cases like this for me and our admins to manage so that we do not hit expiry unexpectedly.

Thanks again

@Yatish Madhav ,

I agree, me myself built many automations/integrations with API tokens using service accounts. But I am happy that it will not affect existing tokens. This will new annual task for the admins.

Vj

this is a nightmare

OMG. Why?!

For such API keys in scope that this applies to, can they be renewed before the expiration date to avoid disruption\?

It looks like Atlassian have reviewed this change and are extending it to all existing tokens that don't yet have an expiry date.

However we only got this notification via e-mail and I was not able to find a related announcement article on Atlassian's website.

This will be hard on the service accounts that we currently use :-(

Respectfully,

This is REALLY going to IMPACT us.  We have many service accounts used in various systems throughout our company to allow input/output to Jira. This introduces a LOT of overhead.

Making them EXPIRE in ONE YEAR is NO BUENO!  

At the very least, we should have the ability to REVIEW and EXTEND the tokens for our accounts WITHOUT having to REPLACE them. 

As an admin, I have no way to know who is using tokens and where. So, I have no way to keep our specific users informed.

MAKING ATLASSIAN PRODUCTS HARDER TO USE/MAINTAIN IS NOT A GREAT ADOPTION/RETENTION MOVE.

Please reconsider.

Thanks,

Mark

Hi,
Is there a workaround or a way to get notified when a token is about to expire?
Manually checking the dashboard is a bit inconvenient. It would be great if this feature could be implemented.
Thanks!

This is great news!

Competent Sys Admins will finally be able to create limited lifespan service account tokens for third parties to use for performing work for short durations, secure in knowing the token becomes useless at the end of the period.

This will also bolster basic security principles, as every moderately competent Sys Admin knows to NEVER create service accounts that have immutable, permanent passwords, as that goes against many well known security principles.