How to create a limited API token

KB May 12, 2023

I want to use the rest api within Jira Automation.

The problem is, that I cannot add a limited local user (to create the api token from) in Jira Cloud but I do not want to add my admin credential API keys in the automation.

Is there any way to get to a limited scope API credentials or have the automation user do this somewhat "locally"?

2 answers

1 vote
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 12, 2023

Hello @KB 

Nope. Tokens are just representations of user accounts. Whatever privileges the user account has, then their token has the same privileges.

KB May 14, 2023

Thanks. Given I cannot create new local users in Jira Cloud, does that mean, best practice is to create a dummy user in the IDP for this?

David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 15, 2023

I don't know what an 'IDP' is, but basically, yes, use a dummy / universal account.

Give the user account a really obvious name like 'AutomationAgent' so that people will immediately know it's not a human doing the activities and you can find and differentiate all the activities of that account in the activity logs.

0 votes
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 15, 2023

Hi @KB ,

As @David Bakkers the API Tokens that you can create for Atlassian's Cloud products always have the same identity and permissions as the user who creates them. Within the base product, there is no other way to do this.

If you are open to using an app from the Marketplace, there is another option. The two apps API Key Manager for Jira and API Key Manager for Confluence allow you to create time-limited and scoped API keys. For example, the create an API key that is allowed to create issues only in one project, that cannot read anything and that expires after 30 days. 

Now, I might be biased as I work for Polymetis Apps, the vendor behind those apps, but the scenario you describe is pretty much the reason we came up with both apps. 

Hope that helps and let me know if you have any further questions,
 Oliver

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events