As shown in the image below, you can Restrict API Authentication, which enforces REST API authentication on all incoming requests to the REST API. The response to invalid credentials will be HTTP 401 UNAUTHORIZED. The Complete Lockdown will block all requests not containing valid API tokens and will break existing functionality if it is not applied with care (for instance, locking down the entire REST API will also compromise Jira’s internal queries to its REST API). The intention of the complete lockdown is for the case when you have a specific resource that is very sensitive. You may also customize an error message that will come in the response message to clients that have received an HTTP 401 UNAUTHORIZED due to their credentials not matching a valid API token.
Restricted REST API paths
You can secure your REST API by restricting a list of endpoints to only accept API tokens as the authentication method.
When your chosen REST endpoint paths are specified in your configuration, the only way to authenticate with these endpoints is using API tokens.
Open REST API Paths /client IPs
You can open any of the restricted REST API paths above by adding paths and possibly client IPs to open. Leave the IP address empty to open a path for all client IPs. This will allow other authentication mechanisms than API tokens for the specified open REST paths and client IPs.