Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to create a limited API token

KB
KB
Contributor
May 12, 2023

I want to use the rest api within Jira Automation.

The problem is, that I cannot add a limited local user (to create the api token from) in Jira Cloud but I do not want to add my admin credential API keys in the automation.

Is there any way to get to a limited scope API credentials or have the automation user do this somewhat "locally"?

Answer
Watch
Like Be the first to like this
2488 views

2 answers

1 vote
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 12, 2023

Hello @KB 

Nope. Tokens are just representations of user accounts. Whatever privileges the user account has, then their token has the same privileges.

View More Comments
KB
KB
Contributor
May 14, 2023

Thanks. Given I cannot create new local users in Jira Cloud, does that mean, best practice is to create a dummy user in the IDP for this?

Like
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 15, 2023

I don't know what an 'IDP' is, but basically, yes, use a dummy / universal account.

Give the user account a really obvious name like 'AutomationAgent' so that people will immediately know it's not a human doing the activities and you can find and differentiate all the activities of that account in the activity logs.

Like
Reply
0 votes
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 15, 2023

Hi @KB ,

As @David Bakkers the API Tokens that you can create for Atlassian's Cloud products always have the same identity and permissions as the user who creates them. Within the base product, there is no other way to do this.

If you are open to using an app from the Marketplace, there is another option. The two apps API Key Manager for Jira and API Key Manager for Confluence allow you to create time-limited and scoped API keys. For example, the create an API key that is allowed to create issues only in one project, that cannot read anything and that expires after 30 days. 

Now, I might be biased as I work for Polymetis Apps, the vendor behind those apps, but the scenario you describe is pretty much the reason we came up with both apps. 

Hope that helps and let me know if you have any further questions,
 Oliver

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events