Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

API Token for different user

I understand how to create API tokens and how to use them to replace a password in a REST call - but this seems to work only for the admin user(s) of Jira? How to create an API token for a different user which has basic login/read/write access rights?

3 answers

1 accepted

1 vote
Answer accepted
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 07, 2019

Hello Ludwig,

Any user who is able to authenticate to an Atlassian cloud product should be able to create their own tokens for API and app usage. You will not be able to generate the token on behalf of the user, they will need to request the token themselves. Each user will have to follow these steps in order to create their own API tokens:

Create an API token from your Atlassian account:

  1. Log in to https://id.atlassian.com/manage/api-tokens.
  2. Click Create API token.
  3. From the dialog that appears, enter a memorable and concise Label for your token and click Create.
  4. Click Copy to clipboard, then paste the token to your script, or elsewhere to save:

Note:

  • For security reasons it isn't possible to view the token after closing the creation dialog; if necessary, create a new token.
  • You should store the token securely, just as for any password.

Source documentation: API tokens

I hope this proves helpful and your users are able to generate API tokens without issue.

Regards,
Stephen Sifers

@Stephen Sifers  We have this scenario of which we have 1000 more users to be migrated in Jira cloud from differnt erp. Can Jira just allowed an administrator be able to generate the token on behalf of the users ? because if they will need to request the token themselves and Each user will have to follow these steps in order to create their own API tokens its not possible for us.We have custom app that required our customers to login and authentication is handled in our local db, once they are confirmed and logged in, they can now allowed to manipulate their resources/servicedesk/tickets.Our app making rest api call to Jira, so for them to authenticate, we will pass his/her related token to headers in every Jira request.For us to attached currenlty loggedin user their api token "behind the scene" we need to save their api tokens in local database.Thats why we need a feature that will allow our jira admin to create tokens in behalf of our customers/users and save it in our local database.

Like # people like this

My user is a BOT, It could not log in and generate its API Key. How could I proceed?

Like # people like this

I need this answer too. We need service accounts that have their own API tokens for integrations and I cannot login as those users to generate the API key so how do I create API key for another user?

Like # people like this

@Marlon Chalegre  and @Jamie Schwartz  have you found any resolution to your queries, we are also looking for same. Let know for any solution on this.

 

Thanks,

I asked my IT to create a real user account to use as a BOT and then I logged in and got an API Token.  :(

Like # people like this

Can we use this API token against different users activity in Jira ?

I know this is old, but thought it might be helpful to some (since I've just had to face all this with our migration to the cloud.)

Yes, @Marlon Chalegre . I do the same thing. I create a local user in Atlassian. Then I login as that user and generate the API token.

We also use Azure AD and Okta SSO to sync/control our users/groups in Atlassian Access, so that adds a level of complexity.

Here an example of what I do:

  1. Before I add the service account user to Azure AD syncing, I create an Atlassian account for the account (e.g., my-svc-acct@myemail.com) NOT Azure AD sync'd, but with an Atlassian password.
  2. Log in with an "incognito" window to https://id.atlassian.com/manage/api-tokens with the account and Atlassian credentials.
  3. Generate the API token
  4. Logout as that user (close the incognito window)
  5. Setup the service account user to sync in Azure AD.
  6. Setup the user in the correct Authentication Policy.
  7. Provide the service account user access to the specific projects it needs access to. Or, if more access is required, I add them to a group that has full access.

Hope this helps someone.

:) Mark

Like # people like this

Responding to @Oliver Siebenmarck _Polymetis Apps_ - thanks a lot for linking to the app. However, it is no longer free...

Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Oct 04, 2023

Hi @Amir Katz _Jira Admin_ ,

Thanks for the hint, I've updated my post to reflect that. The app is still free for teams up to ten users, but not beyond that. 

0 votes
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Aug 25, 2022 • edited Oct 04, 2023

Hi,

Since there still seems to be quite some interested in this topic and this thread in particular,  let me give the Marketplace-answer: There's an app for that – free for up to ten users, too!

Every API token created via https://id.atlassian.com/manage/api-tokens is tied to a specific user and inherits all the permissions of that user. So, if you really want to restrict what someone can do with an API token, you end up with a lot of technical users that have different permissions – which is not really all that manageable. 

API Token Manager for Jira on the other hand allows you to create time-limited API tokens that can be restricted on HTTP verbs and allowable REST endpoints. What does that mean? With our app, you can (for example) create API tokens that,

  • …can only read data. (HTTP GET)
  • …can only create new issue (but not read anything)
  • …can only interact with issues in one project
  • …that expire after a set time 

Anyway, hope that helps. I'm always interested in learning more about how people use the Atlassian APIs, so please reach out with any feedback or comments.

Best regards,
 Oliver

P.S. In case you hadn't guessed it yet, I work at Polymetis Apps the vendor behind this app. 

Hello,

your app is not quite the right tool for me as a Jira Admin, because it still creates the API Token only connected to my Account.

What I need is to create an API Token for a technical User who has not logged in its Profile and create an API Token in the GUI.

So I am still waiting for a solution.

Greetings,

Michael

Like Rui Caldeira likes this
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Oct 20, 2022

Hi @Michael Scholz ,

I'm sorry I wasn't quite clear on that, but the token created by API Token Manager is not connected to your account. Instead, the token is tied to the app itself.

To us, this distinction matters a lot: The token gets a set of permissions at creation and keeps those until it is revoked or it expires. Whether the user who created the token is off-boarded from Jira or looses permissions does not matter to that

Now, if you want an app that creates a token for an arbitrary user that is active in your instance: We cannot do that, mainly because the Atlassian platform does not allow us to create tokens tied to a user programmatically – for various reasons included security, I suppose.

But setting that aside, I am truly curious: Why would you want to do that? Wouldn't you end up with a lot of functional user who increase the actual count of users on your instance and thus produce a higher bill? Is there a benefit I am not seeing or do you have a specific regulatory constraint here?

Best regards,

 Oliver

Hello Oliver,

thank you very much for your reply. We have lots of different Teams which have their own technical users to make REST Calls against our Jira Instance in our company. Yes, it is very complicated as we used Jira on Premise and now we have started to migrate to cloud with about 200 Projects and about 4000 Users. With "Atlassian Access" we can declare technical users as non-billable, so they won´t count.

I am not very good when it comes to REST API, but I learned, that you have to authenticate a user with a combination of E-Mailaddress and API-Token, encoded with Base64 in a REST Call. At least I use it that way in Postman. So how do I authenticate only with that API-Token?

Greetings,

Michael

Suggest an answer

Log in or Sign up to answer