Hi Jira universe!
I was asked to create a Jira Cloud service account for reporting purposes. Which is better, safer, 'best practice'- a service account with most likely Jira-Admin access or an API Token? Can someone provide the pros & cons of each?
Thank you!
Hi JRodney,
The or portion of the question causes the service account and API token ideas to be combative, but that is not the case. An API token is linked to its creating user and will limit API permissions to the same permissions that user experiences in the UI. This means that "a Jira Cloud service account for reporting purposes" could have the create/edit permissions of its creating user without any need to have those permission.
I propose that you create a service account and use an API token created by that service account. This allows that service account to be granted "read only" permissions and only where they are needed. Cheers!
Interesting...
So I'll create an API token for use with the service account.
How do I customize the API token permissions?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jrodney,
That article shows you how to create the API token. Customizing the token's permissions is done by changing the permissions for the API user, e.g. granting access to project XYZ to the service account will grant it the token created by the service account. Cheers!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, now that makes sense to me. I think I understand it now.
Really appreciate the help! @Joshua Sneed Contegix
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So we cannot create API tokens with less scope than the original user which means we would need to create a new "service account" users (which in Jira are just regular users that consume full user licenses) each time we have a system that needs to use the Jira API?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Kevin Ashton ,
Without an app, there is no way to create API tokens with reduced scope or an expiry date unless you create a service account with limited permissions for each API token.
Personally, I do not consider that to be a great approach for large companies or even small teams with a lot integrations. So we at Polymetis Apps came up with the API Token Manager app. It allows you to create API tokens that:
For example, you can create an API token that can only be used to create issue in one specific project and only until the end of the month.
Let me know if that is useful or what's missing – I'm really interested in any feedback here.
Best regards,
Oliver
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Oliver Siebenmarck _Polymetis Apps_ thanks, we'll take a look at your app for token management as well as it's security certifications.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would say API token. An API token cannot log into the system. It can only access the API. I think that really is the biggest reason.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I need to create API token for a service account; however, it kept logged me in as my own account. Is there a way to "login" as a service account and create its own API token?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Minh,
Try using s separate browser, incognito/private browsing mode, or browser tab groups/containers. Cheers!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Jira Product Discovery Premium is now available! Get more visibility, control, and support to build products at scale.
Learn moreOnline forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.