I have policy in place that all automation must use dedicated API account which is tied to a dedicated group. Thereby I can kill all automation by removing permission for the group to use Jira
But I have no way to force everyone to request and use a dedicated API account and I have had major performance issues from some API bad actors.
Seems to be missing feature of Jira to restrict external API calls to a given group... Any suggestions on how to detect API bad actors would be most helpful