Hello,
Users on Jira Software Cloud can create API tokens to fetch data via the Jira REST API.
Atlassian has no way to control this generation of API tokens; the least we expect is that the API tokens could have been created only by Site admins, but it is not so.
Is there a way we can at least monitor the number of tokens created on the whole? Who is using these tokens? What volume of data is fetched using these tokens?
Please suggest a way to handle this issue.
Thanks!!
Hello @Mike
This question comes up on a regular basis and, sorry to answer a question with a question but... why on earth would you care?
The REST API tokens are directly associated with your users and don't give them any 'magic powers' outside of what they already have, so why care about their usage? The REST API is just another way of achieving the same result as the GUI, just programmatically.
Next, with regard to data 'volume', your Jira Cloud license is based on user count, not data usage, and the performance of the platform is unaffected by how much data is used anyhow... so why care about it? Also, REST API requests are rate limited, so any errant users trying to do stoopid things are constrained anyhow.
So, from a Jira Cloud admin's perspective, there is no 'issue' to handle, as nothing is being damaged or degraded and all usage is properly constrained.
@Sunny Ape we have a huge user base, like 20,000/-, so some users are curious about building their own tools to make their lives easier.
Before you say, "Why on earth would you care?", trust me, it's a big deal for us to ensure users follow a certain process and not deviate from it. And the last thing I want is that users have their own way of managing issues and making a mess. Reading data for metrics is another big thingy; with this use case, we have observed users triggering a crazy number of APIs every second.
Also, my fear is that we shouldn't breach the limitations & quota for API calls from this article.
Btw, it's stupid not stoopid..
@Mike I've not been an admin of an instance with that many users, but I've worked with admins who are, and had the same mindset as you with regard to some users using the REST API to do things 'out of process'.
When this topic came up, we discussed it and asked ourselves WHO is using the REST API and WHAT are they doing with it. We did a survey and found that only about 1-2% of the staff have the skills to interact with the API. 75% of those were using it to get data for business reporting and the remaining 25% were putting / posting data to just create content faster than using the GUI. Based on this, we came to the following conclusions:
1. The people using the API are using it for legitimate business reasons
2. If they do trigger too many requests, they are being rate limited
3. Their actions don't cost a single cent more to the license or make a scrap of difference to the platform's performance for the other users
4. If they do make a mess, it's their mess to clean up
So, ask yourself the same questions and if you still think there is a genuine problem that warrants your time and effort to curtail, then that's your prerogative.
PS. The link you provided was for Forge. If your users are building in Forge they are very advanced indeed, but Forge is still bounded by the underlying Cloud Platform rate limits too.