Hi Roman,

Thank you for sharing, however, please keep in mind the Vendor Guidelines, specifically:

No necroposting: Aka, no "raising threads from the dead." In general, avoid posting on old threads (six months or more old) simply to promote your products.

If you notice a recent thread can be solved by your add-on, please feel free to share!

Thank you for your understanding.

Regards,

Shannon

Hi Shannon,

Regardless of outdated question (more than six months), it is still actual and JRASERVER-67869 still not resolved.

However, if you find my commend inappropriate please remove it because I haven't found the "Delete" button.

Btw, thanks for the Vendor Guidelines link!

Best Regards,

Roman

Hello Roman,

Don't worry, you don't need to delete your reply.

I do not consider this thread to be outdated, as you mentioned, but it has not had activity on it for over 6 months. When sharing your add-on as a solution, just be sure not to do so on threads which haven't had activity for 6 months or longer. 

The feature request JRASERVER-67869 is still active, so please feel free to share your solution there; it has potential to reach more people.

Let me know if you have any questions about that.

Regards,

Shannon

Hi @Ankit 

Thank you for your contribution here however, I'd like to remind you of our Atlassian Community Online Guidelines for Marketplace Vendors, particularly on necroposting:

No necroposting: Aka, no "raising threads from the dead." In general, avoid posting on old threads (six months or more old) simply to promote your products.

Please be sure when promoting your products, the thread has had activity within the last 6 months, or it is considered necroposting.

Thanks for your understanding!

Cheers, 

Darline

the questions are very clear

1. How to get API token in local Jira Server. or self-hosted JIRA.

Or

2. What will be the URL in my locally installed Jira Server for going to the page id.atlassian.com given in the above image?

Hassan,

It is not possible to generate API tokens in Jira Server.

1. As mentioned earlier, in order to authenticate, you need to use OAuth, Basic, or Cookie-based authentication, depending on what you're trying to do. I have linked those above if you are not familiar with those methods.
2. Therefore, there is no URL in your locally installed Jira Server to go to the page above. The page above is for Jira Cloud only.

Let me know if you have any questions.

Regards,

Shannon

Hi,

Is there any versions of Jira server that is going to allow for API tokens?

Cheers,

Gaj

Hi Gaj,

Not in the near future, but I've raised a feature request for this below that you're welcome to vote on and comment with your usage case:

• JRASERVER-67869

Regards,

Shannon

Thank you Shannon. Is basic auth going to be deprecated on Jira server too or it will only be done once API tokens are available on Jira (and Confluence) servers too? 

Gaj,

Which product are you referring to that had basic auth deprecated? The original post was regarding plain passwords being sent over basic authentication, but not basic being deprecated entirely.

At this time it's only possible to generate an API token on our Cloud apps. We do not have plans in our upcoming roadmap to implement the token system in Server. You're welcome to vote on the request above to help show the team that there is an interest in this feature.

I'm not able to speculate on what would happen if this were to occur. However, I do not foresee this happening since basic authentication is still possible in Cloud apps.

If you wish to authenticate Jira Server API, our recommended usage of Basic Authentication is outlined from our developer site.

Regards,

Shannon

Wow this seems like a significant oversight :(

This essentially forces the user to 

1. Introduce significant security risks by having to
   1. Use clear username/passwords
   2. Create a "special system" (dummy) user
2. Increase cost by reducing integration options and creating specialist integration points
   
   1. Requiring an "OAuth-compliant web application" <-- i.e. not using Excel or a script 
   2. Writing a fully fledged plugin
3. Migrating your data and paying for JIRA Server
   1. This feels like a forced option and is in danger of being perceived as manipulation of buying choices by deliberate user frustration

@Shannon S https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/ talks about deprecating basic auth in Cloud. I'm on Jira & Confluence server editions. 

Hi Gaj,

Thank you for pointing that out to me! I hadn't heard this and I'm not on the developer site nearly enough so I wasn't aware of the changes. I've submitted your concern now via the feature request I sent you earlier.

I created one as well for Confluence just now:

• CONFSERVER-57389

Please also vote on that and comment with your feedback. It will greatly help us.

@Rob Pointer, if you could do the same, by providing your feedback directly on the feature request. The development team will be able to see your feedback right from the feature request and address any concerns with the implementation of such a feature.

Regards,

Shannon

Hi Shannon,

I voted for the two tickets, would it also be possible to create a ticket for bamboo?

I'm using server version of Bamboo, Jira, Bitbucket and Confluence, and having some consistency on the API would be of great help.

Currently only Bitbucket server has the token.

Thanks,

Nicolas H.

Hi Nicolas,

There's actually already a case for Bamboo; you can vote for it here:

• BAM-12095 Provide token based access to Bamboos REST API

Thank you for reaching out!

Regards,

Shannon