I understand how to create API tokens and how to use them to replace a password in a REST call - but this seems to work only for the admin user(s) of Jira? How to create an API token for a different user which has basic login/read/write access rights?
Any user who is able to authenticate to an Atlassian cloud product should be able to create their own tokens for API and app usage. You will not be able to generate the token on behalf of the user, they will need to request the token themselves. Each user will have to follow these steps in order to create their own API tokens:
Create an API token from your Atlassian account:
- Log in to https://id.atlassian.com/manage/api-tokens.
- Click Create API token.
- From the dialog that appears, enter a memorable and concise Label for your token and click Create.
- Click Copy to clipboard, then paste the token to your script, or elsewhere to save:
- For security reasons it isn't possible to view the token after closing the creation dialog; if necessary, create a new token.
- You should store the token securely, just as for any password.
Source documentation: API tokens
I hope this proves helpful and your users are able to generate API tokens without issue.
@Stephen Sifers We have this scenario of which we have 1000 more users to be migrated in Jira cloud from differnt erp. Can Jira just allowed an administrator be able to generate the token on behalf of the users ? because if they will need to request the token themselves and Each user will have to follow these steps in order to create their own API tokens its not possible for us.We have custom app that required our customers to login and authentication is handled in our local db, once they are confirmed and logged in, they can now allowed to manipulate their resources/servicedesk/tickets.Our app making rest api call to Jira, so for them to authenticate, we will pass his/her related token to headers in every Jira request.For us to attached currenlty loggedin user their api token "behind the scene" we need to save their api tokens in local database.Thats why we need a feature that will allow our jira admin to create tokens in behalf of our customers/users and save it in our local database.
I know this is old, but thought it might be helpful to some (since I've just had to face all this with our migration to the cloud.)
Yes, @Marlon Chalegre . I do the same thing. I create a local user in Atlassian. Then I login as that user and generate the API token.
We also use Azure AD and Okta SSO to sync/control our users/groups in Atlassian Access, so that adds a level of complexity.
Here an example of what I do:
Hope this helps someone.
Since there still seems to be quite some interested in this topic and this thread in particular, let me give the Marketplace-answer: There's an app for that – a free one, too!
Every API token created via https://id.atlassian.com/manage/api-tokens is tied to a specific user and inherits all the permissions of that user. So, if you really want to restrict what someone can do with an API token, you end up with a lot of technical users that have different permissions – which is not really all that manageable.
API Token Manager for Jira on the other hand allows you to create time-limited API tokens that can be restricted on HTTP verbs and allowable REST endpoints. What does that mean? With our app, you can (for example) create API tokens that,
Anyway, hope that helps. I'm always interested in learning more about how people use the Atlassian APIs, so please reach out with any feedback or comments.
P.S. In case you hadn't guessed it yet, I work at Polymetis Apps the vendor behind this free app.