Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Whats the most secure way to connect to Jira API?

Calvin
Calvin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 28, 2023

Hi everyone, I'm interested in looking at the Jira API. I'm trying to keep it safe though by using two factor authentication for all logins.

When looking at the Jira API though, it seems like there is only the "Basic Authentication" which is just username+password? Is this correct? And it switches the API on for everyone, so its not even a one off case of skipping two factor for a single user.

It seems to be similar for PATs as well once you've logged in if its switched on anyone can create a PAT, and I can't just have one user be with limited access make a single PAT last 60 days. Instead it allows everyone to do this. And everyone will be able to make a PAT that allows them to update Jira without logging them in, in the future?

 

Answer
Watch
Like Sanjen Bariki likes this
521 views

1 answer

1 accepted

2 votes
Answer accepted
Sachin Dhamale
Sachin Dhamale
Community Champion
June 28, 2023

@Calvin  - You can use the Barrer token for authentication as well. 

Also you can create Oauth Integration for secure/ Oauth authentication Refer this 

Also you can use Bearer token for this refer this 

 

Accept the answer if it helps

View More Comments
Calvin
Calvin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 2, 2023

Thanks so much for this mate.

Just to confirm. It looks like the Oauth Integration would work so that only certain users could have API access?

For the bearer token, do you know if its possible to lock it to a certain account? Or will everyone be able to create bearer tokens? The link seems to suggest its a global limit.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.