Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to get each user's API token?

Albert Song
Albert Song September 14, 2017

Is it possible to EASILY get each user's API token or have them retrieve it? For GH and Jenkins, it seems as simple as clicking a few links.

For context, I have Hubot set up on Hipchat and I have a lot of scripts with JIRA functionality. However, I want to authenticate each user when they use commands to access JIRA's API. For example, I do not want a user who is not in a JIRA project to be able to access it. Through basic authentication, this is not possible. It seems like Oauth does not allow this EASILY as the process to retrieve a JIRA API token is rather painful for a typical user. 

Am I not understanding how Oauth works? Each user has to go through the entire instructions below right? https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication

Answer
Watch
Like Be the first to like this
1264 views

1 answer

0 votes
brbojorque
brbojorque
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 26, 2019

OAuth works by requesting multiple requests to the Service Provider in this case Jira.

Here is the flow of the 3 legged authentication.

  1. You request for a temporary token to the service provider
  2. Service provider then respond back an authorization code
  3. You can then use that to authenticate again to the service provider
  4. You can save the Token & secret to a session or a file in the server

It is important that you have a service that re-authentication in case the code is revoked or expired.

For more information please check the link below.

https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events