Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to use Hashed or Encrypted password for accessing Jira rest API

Sohail Anwar
Sohail Anwar May 15, 2019

Hi all

      I am using Jira rest java client ( JRCJ ) library to access Jira software's rest API.

In simple or basic Authentication I am using email and password in plain form which I feel is not secure. and I think Jira rest sends all requested and responses encrypted or may be not.

But somehow I want to authentication with encrypted or hashed format .

So I want to know is there any way to send hashed/encrypted password or is there any atlasian utility to hash/encrypt password.

Best Regards, 

Answer
Watch
Like Be the first to like this
3468 views

1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 15, 2019

Hey Sohail,

Are you working against a Jira Cloud (yoursite.atlassian.net) or Jira Server (jira.yourcompany.com) instance?

In the case of Jira Cloud, we have moved away from passwords in basic auth to using authentication tokens. Details about how to use these with Atlassian Cloud are listed here. In short, you generate a new token from id.atlassian.com and use that in place of a password. The advantage to this is that you can have multiple tokens on your account (one per application) and they can be easily revoked! Jira Cloud interactions are all encrypted in transit as well.

On the Jira Server side, the recommended method for applications to interact with Jira is via OAuth. Details on how to configure an application with OAuth and Jira Server are available here. If you were using basic auth and just hitting the standard REST APIs as a user, it would use the password of the user account you're connecting with. Basic Auth doesn't provide any inherit encryption mechanism; the details are just encoded in base64 (hex format) when sending. This means that it's dependent on your Jira Server to only accept requests over HTTPS either behind a reverse proxy or serving HTTPS from Tomcat directly.

I hope that helps clear things up!

Cheers,
Daniel | Atlassian Support

View More Comments
Sohail Anwar
Sohail Anwar May 15, 2019

Thanks Deniel I understand it clearly.

  I thought first that token expires as session ends.

Like Stromos likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.