Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

API Token for different user

Ludwig Bayerl
Ludwig Bayerl May 6, 2019

I understand how to create API tokens and how to use them to replace a password in a REST call - but this seems to work only for the admin user(s) of Jira? How to create an API token for a different user which has basic login/read/write access rights?

Answer
Watch
Like # people like this
12062 views

3 answers

1 accepted

1 vote
Answer accepted
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 7, 2019

Hello Ludwig,

Any user who is able to authenticate to an Atlassian cloud product should be able to create their own tokens for API and app usage. You will not be able to generate the token on behalf of the user, they will need to request the token themselves. Each user will have to follow these steps in order to create their own API tokens:

Create an API token from your Atlassian account:

  1. Log in to https://id.atlassian.com/manage/api-tokens.
  2. Click Create API token.
  3. From the dialog that appears, enter a memorable and concise Label for your token and click Create.
  4. Click Copy to clipboard, then paste the token to your script, or elsewhere to save:

Note:

  • For security reasons it isn't possible to view the token after closing the creation dialog; if necessary, create a new token.
  • You should store the token securely, just as for any password.

Source documentation: API tokens

I hope this proves helpful and your users are able to generate API tokens without issue.

Regards,
Stephen Sifers

View More Comments
Ian Russel Adem
Ian Russel Adem
Contributor
July 28, 2020

@Stephen Sifers  We have this scenario of which we have 1000 more users to be migrated in Jira cloud from differnt erp. Can Jira just allowed an administrator be able to generate the token on behalf of the users ? because if they will need to request the token themselves and Each user will have to follow these steps in order to create their own API tokens its not possible for us.We have custom app that required our customers to login and authentication is handled in our local db, once they are confirmed and logged in, they can now allowed to manipulate their resources/servicedesk/tickets.Our app making rest api call to Jira, so for them to authenticate, we will pass his/her related token to headers in every Jira request.For us to attached currenlty loggedin user their api token "behind the scene" we need to save their api tokens in local database.Thats why we need a feature that will allow our jira admin to create tokens in behalf of our customers/users and save it in our local database.

Like # people like this
Marlon Chalegre
Marlon Chalegre
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 30, 2020

My user is a BOT, It could not log in and generate its API Key. How could I proceed?

Like # people like this
Jamie Schwartz
Jamie Schwartz
Contributor
March 23, 2021

I need this answer too. We need service accounts that have their own API tokens for integrations and I cannot login as those users to generate the API key so how do I create API key for another user?

Like # people like this
Padmaraj Thanepatil
Padmaraj Thanepatil December 18, 2021

@Marlon Chalegre  and @Jamie Schwartz  have you found any resolution to your queries, we are also looking for same. Let know for any solution on this.

 

Thanks,

Like
Marlon Chalegre
Marlon Chalegre
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 19, 2021

I asked my IT to create a real user account to use as a BOT and then I logged in and got an API Token.  :(

Like # people like this
Padmaraj Thanepatil
Padmaraj Thanepatil December 19, 2021

Can we use this API token against different users activity in Jira ?

Like
Mark B Wager
Mark B Wager
Contributor
August 24, 2022

I know this is old, but thought it might be helpful to some (since I've just had to face all this with our migration to the cloud.)

Yes, @Marlon Chalegre . I do the same thing. I create a local user in Atlassian. Then I login as that user and generate the API token.

We also use Azure AD and Okta SSO to sync/control our users/groups in Atlassian Access, so that adds a level of complexity.

Here an example of what I do:

  1. Before I add the service account user to Azure AD syncing, I create an Atlassian account for the account (e.g., my-svc-acct@myemail.com) NOT Azure AD sync'd, but with an Atlassian password.
  2. Log in with an "incognito" window to https://id.atlassian.com/manage/api-tokens with the account and Atlassian credentials.
  3. Generate the API token
  4. Logout as that user (close the incognito window)
  5. Setup the service account user to sync in Azure AD.
  6. Setup the user in the correct Authentication Policy.
  7. Provide the service account user access to the specific projects it needs access to. Or, if more access is required, I add them to a group that has full access.

Hope this helps someone.

:) Mark

Like # people like this
Reply
1 vote
Amir Katz (Jira Admin)
Amir Katz (Jira Admin)
Contributor
October 4, 2023

Responding to @Oliver Siebenmarck _Polymetis Apps_ - thanks a lot for linking to the app. However, it is no longer free...

View More Comments
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 4, 2023

Hi @Amir Katz (Jira Admin) ,

Thanks for the hint, I've updated my post to reflect that. The app is still free for teams up to ten users, but not beyond that. 

Like
Reply
0 votes
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 25, 2022

Hi,

Since there still seems to be quite some interested in this topic and this thread in particular,  let me give the Marketplace-answer: There's an app for that – free for up to ten users, too!

Every API token created via https://id.atlassian.com/manage/api-tokens is tied to a specific user and inherits all the permissions of that user. So, if you really want to restrict what someone can do with an API token, you end up with a lot of technical users that have different permissions – which is not really all that manageable. 

API Token Manager for Jira on the other hand allows you to create time-limited API tokens that can be restricted on HTTP verbs and allowable REST endpoints. What does that mean? With our app, you can (for example) create API tokens that,

  • …can only read data. (HTTP GET)
  • …can only create new issue (but not read anything)
  • …can only interact with issues in one project
  • …that expire after a set time 

Anyway, hope that helps. I'm always interested in learning more about how people use the Atlassian APIs, so please reach out with any feedback or comments.

Best regards,
 Oliver

P.S. In case you hadn't guessed it yet, I work at Polymetis Apps the vendor behind this app. 

View More Comments
Michael Scholz
Michael Scholz October 19, 2022

Hello,

your app is not quite the right tool for me as a Jira Admin, because it still creates the API Token only connected to my Account.

What I need is to create an API Token for a technical User who has not logged in its Profile and create an API Token in the GUI.

So I am still waiting for a solution.

Greetings,

Michael

Like Rui Caldeira likes this
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 20, 2022

Hi @Michael Scholz ,

I'm sorry I wasn't quite clear on that, but the token created by API Token Manager is not connected to your account. Instead, the token is tied to the app itself.

To us, this distinction matters a lot: The token gets a set of permissions at creation and keeps those until it is revoked or it expires. Whether the user who created the token is off-boarded from Jira or looses permissions does not matter to that

Now, if you want an app that creates a token for an arbitrary user that is active in your instance: We cannot do that, mainly because the Atlassian platform does not allow us to create tokens tied to a user programmatically – for various reasons included security, I suppose.

But setting that aside, I am truly curious: Why would you want to do that? Wouldn't you end up with a lot of functional user who increase the actual count of users on your instance and thus produce a higher bill? Is there a benefit I am not seeing or do you have a specific regulatory constraint here?

Best regards,

 Oliver

Like
Michael Scholz
Michael Scholz October 20, 2022

Hello Oliver,

thank you very much for your reply. We have lots of different Teams which have their own technical users to make REST Calls against our Jira Instance in our company. Yes, it is very complicated as we used Jira on Premise and now we have started to migrate to cloud with about 200 Projects and about 4000 Users. With "Atlassian Access" we can declare technical users as non-billable, so they won´t count.

I am not very good when it comes to REST API, but I learned, that you have to authenticate a user with a combination of E-Mailaddress and API-Token, encoded with Base64 in a REST Call. At least I use it that way in Postman. So how do I authenticate only with that API-Token?

Greetings,

Michael

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.