API Tokens

API tokens allow remote agents to establish personalized integrations with Atlassian applications and installed third-party apps.

 

More secure than HTTP Basic Auth

API Tokens have several benefits over traditional basic auth, including:

  • You can easily expire or regenerate unique tokens without affecting the user's account password.

  • Users can create multiple tokens targeting different integrations.

  • Suitable in SSO environments where users have no passwords in the Atlassian user directories.

Minimal changes are required if you want to replace existing basic auth integrations with API tokens, as you only need to replace the passwords with a token value. Kantega SSO Enterprise also allows you to disable HTTP basic auth integrations altogether.

Remember that the API tokens grant access to make requests on behalf of a user, and these values should be considered as sensitive as passwords. They should not be shared or distributed to untrusted parties. All requests should also use HTTPS endpoints.
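The following added example, which is not from the Kantega documentation, shows the swap described above: the API token takes the place of the password in the Basic credentials, and the request is refused unless the URL is HTTPS. The host name, user name, environment variable name and helper function names are assumptions chosen for illustration.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username: str, secret: str) -> str:
    """Build RFC 7617 Basic credentials; `secret` is the API token,
    placed in the slot the account password used to occupy."""
    if ":" in username:
        raise ValueError("user name must not contain ':' in Basic auth")
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(base_url: str, path: str, username: str, token: str):
    """Prepare (but do not send) an authenticated GET request."""
    # Base64 is an encoding, not encryption: only TLS protects the token.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    if not token:
        raise ValueError("empty API token")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", basic_auth_header(username, token))
    req.add_header("Accept", "application/json")
    return req


def redacted_headers(req) -> dict:
    """Header view that is safe to log: the credential is masked."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


if __name__ == "__main__":
    # Constructed sample values. The token is read from the environment
    # (variable name is an assumption) so it never lives in source control.
    token = os.environ.get("ATLASSIAN_API_TOKEN", "constructed-sample-token")
    req = build_request("https://jira.example.com", "/rest/api/2/myself",
                        "integration-bot", token)
    print(req.full_url, redacted_headers(req))
```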

Manage API tokens

Admin users can manage tokens by opening the Kantega SSO configuration, selecting the API tokens tab, and clicking Basic configuration. You can also manage API tokens programmatically using the REST API.

 

Security control


Admins can restrict and control the usage of API tokens in terms of:

  • IP restriction: Manage IP ranges for clients that are allowed to authenticate with API tokens. You can both enable and disable tokens for specific IP ranges. Read more about IP restrictions.

     

  • User permissions: Manage whether non-admin users should be allowed to create API tokens. You can even assign such permissions to specific groups and specify the maximum lifetime of tokens.

     

As an admin, you will be able to see all API tokens, including those created by other users.

Given the restrictions in the image above, only certain users that are members of token-users are allowed to create tokens, and the maximum duration they can set is 90 days.

 

Create tokens

When non-admin users are allowed to create API tokens, they will find a Manage API tokens link in their top-right user menu (as shown below).


To cr