
Best Practices for Using Main JIRA Account for REST API and Maintenance

Julien Borrelli May 28, 2024

Hi everyone,

Is it good practice to use the main JIRA account solely for REST API and maintenance purposes, while using a separate personal account for my activities as an admin, user, manager, etc.?

I would love to hear examples of how other small companies manage this and what is considered good practice.

I’ve found it very simple to use REST API with basic auth and the main account. It seems that ONLY the main account works for this, so it would make sense to separate the main account from everything else and not use it as an agent or a user.

Thanks for your insights!


1 vote
Answer accepted
Rebekka Heilmann _viadee_
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 28, 2024

Hi @Julien Borrelli 

what do you mean by "Main Account"? 

Julien Borrelli May 28, 2024

The account which has initially created the site and projects

Rebekka Heilmann _viadee_
May 28, 2024

Right - the API Token respects the user's permission. If you need access to everything and anything per API and you are low on licenses, it makes sense to use one technical Account for all.

However, API Tokens respect the user's permissions. So from a security point of view it makes sense to have multiple accounts for multiple use cases and only give them permissions for what they really need. Having one account might imply that you need to share the API Token with multiple people. I wouldn't recommend that.

Whether it's a personal or technical Account makes no difference aside from a traceability standpoint. Again - a pro for having multiple accounts so you know who did what - even if you only have someone being responsible for a technical account.

So: It really depends on what you are doing specifically and how high your (or your company's) need for security is.

By the way: you can always change who's Org Admin, Billing and technical contact - so there isn't really a "Main Account" at least not in Atlassian speech.

Julien Borrelli June 3, 2024

Thank you @Rebekka Heilmann _viadee_ , this is very helpful. We had an issue because we thought the "main" account needed to provide its own token to delegate API usage to another user. Thanks to your explanation, we now understand how it actually works. Cheers!

Rebekka Heilmann _viadee_
June 3, 2024

Glad I could help. Just a side note: There is a dedicated User management API on Organization Level. You can create an API Token directly from the Admin page to access that API. The Token is not User bound in this case.

For Product APIs you always use the User API Tokens as explained above :) 
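
Added example (not part of the thread or of Atlassian's own code): since a user API token carries exactly its user's permissions, one way to check that a technical account holds no more than its use case needs is to query Jira Cloud's `mypermissions` endpoint with that token and compare the result with an allowlist. The site URL, the account "reporting-bot", the `review` helper and the sample response are assumptions constructed for illustration.

```python
import base64
import json
import urllib.request

# Built-in Jira Cloud permission keys to probe for the token's user.
PROBE = ["ADMINISTER", "BROWSE_PROJECTS", "CREATE_ISSUES", "EDIT_ISSUES", "DELETE_ISSUES"]

def basic_auth_header(email, api_token):
    """Basic auth value for a user-bound API token: base64('email:token')."""
    return "Basic " + base64.b64encode(f"{email}:{api_token}".encode()).decode()

def fetch_permissions(site, email, api_token):
    """GET /rest/api/3/mypermissions as the token's user (needs network access)."""
    url = f"{site}/rest/api/3/mypermissions?permissions={','.join(PROBE)}"
    req = urllib.request.Request(url, headers={
        "Authorization": basic_auth_header(email, api_token),
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def review(response, needed):
    """Compare what the account holds with what its use case needs."""
    held = {key for key, info in response.get("permissions", {}).items()
            if info.get("havePermission")}
    return {"excess": sorted(held - set(needed)),
            "missing": sorted(set(needed) - held)}

# Constructed response for a hypothetical technical account "reporting-bot".
SAMPLE = {"permissions": {
    "ADMINISTER": {"key": "ADMINISTER", "havePermission": True},
    "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
    "CREATE_ISSUES": {"key": "CREATE_ISSUES", "havePermission": False},
    "EDIT_ISSUES": {"key": "EDIT_ISSUES", "havePermission": True},
    "DELETE_ISSUES": {"key": "DELETE_ISSUES", "havePermission": False},
}}

if __name__ == "__main__":
    # A read-only reporting job only needs to browse projects.
    print(review(SAMPLE, needed={"BROWSE_PROJECTS"}))
    # Live check (assumed site URL and credentials):
    # review(fetch_permissions("https://example.atlassian.net", "bot@example.com", TOKEN),
    #        needed={"BROWSE_PROJECTS"})
```

A non-empty `excess` list for an account whose token is used by a script is the signal to trim that account's groups or roles rather than to reuse an admin's token.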

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin
Tags: AUG Leaders