Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Service account vs API token?

JRodney Estrada
JRodney Estrada
Contributor
January 14, 2021

Hi Jira universe!

 

I was asked to create a Jira Cloud service account for reporting purposes. Which is better, safer, 'best practice'- a service account with most likely Jira-Admin access or an API Token? Can someone provide the pros & cons of each?

 

Thank you!

Answer
Watch
Like Be the first to like this
9042 views

3 answers

1 accepted

2 votes
Answer accepted
Joshua Sneed Contegix
Joshua Sneed Contegix
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 14, 2021

Hi JRodney,

The or portion of the question causes the service account and API token ideas to be combative, but that is not the case. An API token is linked to its creating user and will limit API permissions to the same permissions that user experiences in the UI. This means that "a Jira Cloud service account for reporting purposes" could have the create/edit permissions of its creating user without any need to have those permission.

I propose that you create a service account and use an API token created by that service account. This allows that service account to be granted "read only" permissions and only where they are needed. Cheers!

View More Comments
JRodney Estrada
JRodney Estrada
Contributor
January 14, 2021

Hi @Joshua Sneed Contegix ,

Interesting...

So I'll create an API token for use with the service account.

How do I customize the API token permissions?

Like
JRodney Estrada
JRodney Estrada
Contributor
January 14, 2021

Should I follow this documentation?

https://confluence.atlassian.com/cloud/api-tokens-938839638.html

Like
Joshua Sneed Contegix
Joshua Sneed Contegix
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 14, 2021

Hi Jrodney,

That article shows you how to create the API token. Customizing the token's permissions is done by changing the permissions for the API user, e.g. granting access to project XYZ to the service account will grant it the token created by the service account. Cheers!

Like
JRodney Estrada
JRodney Estrada
Contributor
January 14, 2021

Ok, now that makes sense to me. I think I understand it now.

Really appreciate the help! @Joshua Sneed Contegix 

Like
Kevin Ashton
Kevin Ashton
Contributor
October 4, 2022

So we cannot create API tokens with less scope than the original user which means we would need to create a new "service account" users (which in Jira are just regular users that consume full user licenses) each time we have a system that needs to use the Jira API?

Like • Oliver Siebenmarck _Polymetis Apps_ likes this
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 5, 2022

Hi @Kevin Ashton ,

Without an app, there is no way to create API tokens with reduced scope or an expiry date unless you create a service account with limited permissions for each API token.

Personally, I do not consider that to be a great approach for large companies or even small teams with a lot integrations. So we at Polymetis Apps came up with the API Token Manager app. It allows you to create API tokens that:

  • Are scoped to the instance the app is installed on
  • Can be limited by http verb (GET/PUT/POST/DELETE)
  • Can be scoped to specific REST endpoints
  • Are time-limited with a user-set expiry date
  • Can be revoked by the admin at any time

For example, you can create an API token that can only be used to create issue in one specific project and only until the end of the month.

Let me know if that is useful or what's missing – I'm really interested in any feedback here.

Best regards,
 Oliver

Like • 2 people like this
Kevin Ashton
Kevin Ashton
Contributor
October 5, 2022

@Oliver Siebenmarck _Polymetis Apps_  thanks, we'll take a look at your app for token management as well as it's security certifications.

Like • Oliver Siebenmarck _Polymetis Apps_ likes this
Reply
1 vote
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 14, 2021

I would say API token. An API token cannot log into the system. It can only access the API. I think that really is the biggest reason.

View More Comments
JRodney Estrada
JRodney Estrada
Contributor
January 14, 2021

excellent! thanks @Davin Studer 

Like
Reply
0 votes
Minh Nguyen
Minh Nguyen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 8, 2022

I need to create API token for a service account; however, it kept logged me in as my own account. Is there a way to "login" as a service account and create its own API token?

View More Comments
Joshua Sneed Contegix
Joshua Sneed Contegix
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 10, 2022

Hi Minh,
Try using s separate browser, incognito/private browsing mode, or browser tab groups/containers. Cheers!

Like • Oliver Siebenmarck _Polymetis Apps_ likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
atlassian, loom, loom for training, loom for teaching, video training, async learning, online education, screen recording, loom tutorials, loom use cases, atlassian learning, team training tools, instructional video, virtual training tools

🛗 Elevate Your Training and Enablement with Loom

Join us June 26, 11am PT for a webinar with Atlassian Champion Robert Hean & Loom’s Brittany Soinski. Hear tips, stories, and get your burning questions answered. Learn how Loom makes training and enablement easier. Don’t miss it!

Register today
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.