Howdy. I'm about to allow Applause access to my org's JIRA. I'm a Site Admin. I have a few questions:
* Should I create a generic account for the API Tokens to be generated from?
* Can I limit access to that account, so that a compromise of the token doesn't allow (human) user-level access?
These questions arise from my concern that a) if I'm no longer with the company, and they disable my account, would the API Token (and application integration the token allows) break? And, I'd prefer to be more granular in the access levels that the API Token will allow (obviously, if it is my account, as a Site Admin, well... that's a lot of access permitted...).
Thanks in advance!
Jesse
EDIT: P.S. If I create a "non-human" API account, how can I not have it count against our license seats?
Hi Jesse,
Welcome to the Community!
Having apps use the Atlassian Connect framework is the best/preferred way of integrating external apps. This ensures the apps authenticate using OAuth and get access to the correct things they need to access without functioning as a "real" user. Unfortunately it looks like Applause's documentation indicates they want to use a "real" user account instead of having a Cloud app (using the Connect framework) currently.
The problem with this approach is pretty much everything you've outlined in your questions:
Unfortunately the path forward around these issues is contacting Applause and asking them to rebuild their integration with Cloud to use the Connect framework.
In the meantime, creating a dedicated user (like applause-integration) with a separate email address and creating an API token for it from id.atlassian.com is what will need to happen to get it working.
I wish there were a better answer, but it's really up to Applause to write an app integration for Cloud instead of impersonating a user.
Cheers,
Daniel
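As an added example (not part of the thread, and not Applause's or Atlassian's code): once the dedicated account and its API token exist, a site admin can check what that token is actually allowed to do by calling Jira Cloud's `GET /rest/api/3/mypermissions` as that account and comparing the result to an allowlist. The allowlist, site name, email and project key are assumptions to be replaced with your own values; the sample response is constructed.

```python
import base64
import json
import urllib.request

# Assumption: what the integration should be able to do; replace with the vendor's documented needs.
ALLOWED = {"BROWSE_PROJECTS", "CREATE_ISSUES", "EDIT_ISSUES", "ADD_COMMENTS"}
# Permission keys to ask Jira about: the allowlist plus ones the account should NOT hold.
CHECKED = sorted(ALLOWED | {"ADMINISTER", "ADMINISTER_PROJECTS", "DELETE_ISSUES"})

def basic_auth_header(email, api_token):
    """API tokens are sent as HTTP Basic auth: account email as user, token as password."""
    raw = f"{email}:{api_token}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def fetch_permissions(site, email, api_token, project_key):
    """Query mypermissions as the integration account (requires network access)."""
    url = (f"https://{site}/rest/api/3/mypermissions"
           f"?projectKey={project_key}&permissions={','.join(CHECKED)}")
    req = urllib.request.Request(url, headers={
        "Authorization": basic_auth_header(email, api_token),
        "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def excess_permissions(response, allowed=ALLOWED):
    """Granted permission keys that fall outside the allowlist."""
    perms = response.get("permissions", {})
    return sorted(k for k, v in perms.items()
                  if v.get("havePermission") and k not in allowed)

def missing_permissions(response, allowed=ALLOWED):
    """Allowlisted keys the account lacks (the integration would break on these)."""
    perms = response.get("permissions", {})
    return sorted(k for k in allowed if not perms.get(k, {}).get("havePermission"))

# Constructed sample response in the shape mypermissions returns (not real data).
SAMPLE = {"permissions": {
    "ADMINISTER": {"key": "ADMINISTER", "havePermission": True},
    "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": False},
    "DELETE_ISSUES": {"key": "DELETE_ISSUES", "havePermission": True},
    "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
    "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": True},
    "EDIT_ISSUES": {"key": "EDIT_ISSUES", "havePermission": True},
    "ADD_COMMENTS": {"key": "ADD_COMMENTS", "havePermission": False},
}}

if __name__ == "__main__":
    print("excess:", excess_permissions(SAMPLE))
    print("missing:", missing_permissions(SAMPLE))
```

Against a live site, pass the result of `fetch_permissions("your-site.atlassian.net", "applause-integration@example.com", token, "PROJ")` (placeholder values) to the same two functions.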