認証と承認
The Atlassian Rovo MCP Server uses OAuth 2.1 as its primary authentication mechanism, providing a secure and standardized way for users to authorize access to resources via an interactive consent flow.
In addition, if enabled by your organization admin, MCP supports authentication via API token for machine‑to‑machine and other non‑interactive scenarios (for example, backend services, CI/CD pipelines, bots, and automated agents). Authentication via API token lets MCP clients authenticate without a browser‑based OAuth consent screen, using:
Personal API tokens (Basic auth)
Service account API keys (Bearer tokens, where available)
OAuth 2.1 remains the recommended option for interactive, user‑driven scenarios. We recommend using authentication via API token only for non‑interactive or machine‑to‑machine use cases.
Supported authentication methods
Authentication method | 説明 | Auth headers |
|---|---|---|
OAuth 2.1 | Full OAuth flow that’s interactive with token validation and user context enrichment |
|
apiToken | Authentication via API token that’s non-interactive and using:
This method is only available if enabled by your organization admin. |
|
Choose the right authentication method
Use OAuth 2.1 authentication when:
A user is present and can complete an interactive consent flow
You want fine‑grained, user‑level consent and context
You are building interactive apps or integrations
See Configuring OAuth 2.1 for more details.
Use authentication via API token when:
No user is present (for example, backend services, CI/CD, bots)
You need non‑interactive, machine‑to‑machine authentication
You can manage API tokens or service account keys securely (rotation, storage, audit)
If your organization admin has disabled authentication via API token, MCP clients won’t be able to connect and will need to use OAuth 2.1 instead.
See Configuring authentication via API token for more details.
Need help? Contact Atlassian Support or visit the getting started guide.
この内容はお役に立ちましたか?