...
You can easily expire or regenerate unique tokens without affecting the users user's account password.
Users can create multiple tokens targeting different integrations.
Suitable in SSO environments where users have no passwords in the Atlassian user directories.
...
IP restriction: Manage IP ranges for clients that are allowed to authenticate with API tokens. You can both enable and disable tokens for specific IP ranges. Read more about IP restrictions.
User permissions: Manage whether non-admin users should be allowed to create API tokens. You can even assign such permissions to specific groups and specify the maximum lifetime of tokens. The screenshot below shows an example where members of the group "jira-software-users" will be allowed to use API tokens. In this example, users are also allowed to set API tokens lasting forever.
As an admin, you will be able to see all API tokens, also those created by other users.
...
Below follows several examples for how to construct HTTP request with API tokens in various programming languages:
Curl
Code Block | ||
---|---|---|
| ||
curl -u username:my-api-token https://jira.example.com/rest/ |
Javascript
Code Block | ||
---|---|---|
| ||
const response = await fetch("'https://jira.example.com/rest/"', { headers: { "'Authorization"': `Basic ${btoa(`${username}:${my-api-token}`)}` } }); const result = await res.json(); |
Code Block | ||
---|---|---|
| ||
const http = new XMLHttpRequest(); const url = "'https://jira.example.com/rest/"'; http.open("GET", url, true, username, my-api-token); http.withCredentials = true; http.send(); |
jQuery
Code Block | ||
---|---|---|
| ||
$.get("'https://jira.example.com/rest/"', { "auth" 'auth': { "user": "username", "pass": " 'user': 'username', 'pass': 'my-api-token"' } } ); |
Python
Code Block | ||
---|---|---|
| ||
r = requests.get("'https://jira.example.com/rest/"', auth=(username, my-api-token)) |
Java
Code Block | ||
---|---|---|
| ||
HttpClient client = HttpClientBuilder.create().build(); HttpPost post = new HttpPost("https://jira.example.com/rest/"); String encoding = Base64.getEncoder().encodeToString((username.concat(":").concat(my-api-token)).getBytes("UTF-8")); post.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + encoding); HttpResponse response = client.execute(post); |
...