What are API Tokens?

API tokens are long strings of randomly generated characters that can be used instead of passwords when users access protected APIs.

What is basic authentication in the context of Atlassian APIs?

Basic authentication is the traditional method for authenticating into applications with user credentials. In other words, entering your username and password to log into Jira.

Users who want to utilize the Jira, Confluence, and Bitbucket APIs also need to authenticate as part of the API calls and can do so with basic authentication. However, that’s not a best practice, since strong passwords are not enforced, passwords don’t come with an expiration date or scope and you also can only create one password per user.

How do I use an API Token?

In your API calls, simply place the API Token where your user password would go. You can see different examples here.

Can API Tokens be shared?

The short answer is no. Since it replaces a password, each API token is solely associated to the user holding that password. Additionally, it is generally recommended to have a different token for each API connection. This minimizes security risks and allows revoking compromised tokens without affecting any other scripts, connections or automations created by the same user.

For which Atlassian products is API Token Authentication available?

API Token Authentication is available for Jira Server, Jira Data Center, Confluence Server, Confluence Data Center, Bitbucket Server, and Bitbucket Data Center.