Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,368,135
Community Members
 
Community Events
168
Community Groups

API Token for different user

I understand how to create API tokens and how to use them to replace a password in a REST call - but this seems to work only for the admin user(s) of Jira? How to create an API token for a different user which has basic login/read/write access rights?

2 answers

1 accepted

1 vote
Answer accepted

Hello Ludwig,

Any user who is able to authenticate to an Atlassian cloud product should be able to create their own tokens for API and app usage. You will not be able to generate the token on behalf of the user, they will need to request the token themselves. Each user will have to follow these steps in order to create their own API tokens:

Create an API token from your Atlassian account:

  1. Log in to https://id.atlassian.com/manage/api-tokens.
  2. Click Create API token.
  3. From the dialog that appears, enter a memorable and concise Label for your token and click Create.
  4. Click Copy to clipboard, then paste the token to your script, or elsewhere to save:

Note:

  • For security reasons it isn't possible to view the token after closing the creation dialog; if necessary, create a new token.
  • You should store the token securely, just as for any password.

Source documentation: API tokens

I hope this proves helpful and your users are able to generate API tokens without issue.

Regards,
Stephen Sifers

@Stephen Sifers  We have this scenario of which we have 1000 more users to be migrated in Jira cloud from differnt erp. Can Jira just allowed an administrator be able to generate the token on behalf of the users ? because if they will need to request the token themselves and Each user will have to follow these steps in order to create their own API tokens its not possible for us.We have custom app that required our customers to login and authentication is handled in our local db, once they are confirmed and logged in, they can now allowed to manipulate their resources/servicedesk/tickets.Our app making rest api call to Jira, so for them to authenticate, we will pass his/her related token to headers in every Jira request.For us to attached currenlty loggedin user their api token "behind the scene" we need to save their api tokens in local database.Thats why we need a feature that will allow our jira admin to create tokens in behalf of our customers/users and save it in our local database.

Like # people like this

My user is a BOT, It could not log in and generate its API Key. How could I proceed?

Like # people like this

I need this answer too. We need service accounts that have their own API tokens for integrations and I cannot login as those users to generate the API key so how do I create API key for another user?

Like # people like this

@Marlon Chalegre  and @Jamie_Schwartz  have you found any resolution to your queries, we are also looking for same. Let know for any solution on this.

 

Thanks,

I asked my IT to create a real user account to use as a BOT and then I logged in and got an API Token.  :(

Like # people like this

Can we use this API token against different users activity in Jira ?

I know this is old, but thought it might be helpful to some (since I've just had to face all this with our migration to the cloud.)

Yes, @Marlon Chalegre . I do the same thing. I create a local user in Atlassian. Then I login as that user and generate the API token.

We also use Azure AD and Okta SSO to sync/control our users/groups in Atlassian Access, so that adds a level of complexity.

Here an example of what I do:

  1. Before I add the service account user to Azure AD syncing, I create an Atlassian account for the account (e.g., my-svc-acct@myemail.com) NOT Azure AD sync'd, but with an Atlassian password.
  2. Log in with an "incognito" window to https://id.atlassian.com/manage/api-tokens with the account and Atlassian credentials.
  3. Generate the API token
  4. Logout as that user (close the incognito window)
  5. Setup the service account user to sync in Azure AD.
  6. Setup the user in the correct Authentication Policy.
  7. Provide the service account user access to the specific projects it needs access to. Or, if more access is required, I add them to a group that has full access.

Hope this helps someone.

:) Mark

Hi,

Since there still seems to be quite some interested in this topic and this thread in particular,  let me give the Marketplace-answer: There's an app for that – a free one, too!

Every API token created via https://id.atlassian.com/manage/api-tokens is tied to a specific user and inherits all the permissions of that user. So, if you really want to restrict what someone can do with an API token, you end up with a lot of technical users that have different permissions – which is not really all that manageable. 

API Token Manager for Jira on the other hand allows you to create time-limited API tokens that can be restricted on HTTP verbs and allowable REST endpoints. What does that mean? With our app, you can (for example) create API tokens that,

  • …can only read data. (HTTP GET)
  • …can only create new issue (but not read anything)
  • …can only interact with issues in one project
  • …that expire after a set time 

Anyway, hope that helps. I'm always interested in learning more about how people use the Atlassian APIs, so please reach out with any feedback or comments.

Best regards,
 Oliver

P.S. In case you hadn't guessed it yet, I work at Polymetis Apps the vendor behind this free app. 

Suggest an answer

Log in or Sign up to answer