Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

User API Token Best Practices

Shawn Stevens
Contributor
August 22, 2025

We are currently on Atlassian Cloud Enterprise and our main Authentication policy has enabled the ability for Users to create API tokens. When Atlassian introduced the 1 year expiration change, I started to look at all the tokens we had. With the intention on trying to clean and manage the Tokens a little better than what was previously being done. 

I'm curious how others are handling user API tokens. 

I have created a new authentication policy and have started to move users (mainly our service accounts that I have control over) to a new authentication policy. With the intention of turn off the ability to create User Api tokens in the main Authentication Policy. Preventing anyone from created API tokens, that are not in the new Authentication policy.

I like the introduction of the scopes on API tokens, which feels like it give Admins a little more control from a permission perspective. 

Do you allow User API tokens? 
How do manage and keep track of what these users are doing with the API Tokens? 

Thanks, 

Shawn Stevens

0 answers

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
ENTERPRISE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events