Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources
  • Community
  • Q&A
  • Jira
  • Questions
  • Is there an API endpoint to introspect Jira API token scopes (independent of user permissions)?

Is there an API endpoint to introspect Jira API token scopes (independent of user permissions)?

sagi karach
sagi karach
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 18, 2025

Hi,

We are working with Jira Cloud API tokens that use scopes (both Classic and Granular), and we would like to clarify whether there is any way to introspect the permissions of the token itself, rather than the permissions of the underlying user.

Specifically, is there any REST API endpoint or supported mechanism that allows us to:

  • Retrieve the list of scopes granted to the current API token, or

  • Determine which REST API capabilities are allowed based on the token’s scopes, independently of the user’s project roles, groups, or permission schemes?

At the moment, it appears that:

  • Endpoints like /mypermissions only reflect the user’s Jira permissions, not the token’s scopes.

  • There is no obvious endpoint similar to OAuth introspection that returns the token’s granted scopes.

  • The only practical way to verify scope-related access is by probing endpoints and observing 401 “scope does not match” responses.

We would like to confirm whether this understanding is correct, or if there is an official or recommended way to inspect or validate API token scopes directly.

Thanks in advance for the clarification.

Best regards,
Sagi Karach

Answer
Watch
Like Be the first to like this
41 views

1 answer

0 votes
Sayali Alhad
Sayali Alhad
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 18, 2025

Hi @sagi karach 

Welcome to Atlassian Community!

See if below endpoint helps - Get all API tokens in an org 

Regards,

Sayali Alhad

View More Comments
sagi karach
sagi karach
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 18, 2025

The suggested organization level endpoint does not answer our question. We are only trying to confirm whether token access can be determined separately from the user who created it.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security