Manage API tokens for service accounts

You can use an API token to authenticate a script with an Atlassian cloud app. You generate the token for your service account, then copy and paste it into a script. For each organization, you can create up to five service accounts for free. If you need more than five service accounts, consider a subscription to Atlassian Guard.

If you use two-step verification to authenticate, your script needs to use a REST API token to authenticate.

What is an API token?

The primary use case for API tokens is to allow scripts to access the REST APIs of Atlassian cloud apps using HTTP basic authentication.

Depending on the details of the HTTP library you use, you can replace your password with the token. For example, if you're using curl, you can do the following:

    ## URLs for API tokens with scopes for Jira and Confluence
    curl -v https://api.atlassian.com/ex/jira/{cloudId} --user bot@serviceaccount.atlassian.com:my-api-token
    curl -v https://api.atlassian.com/ex/confluence/{cloudId} --user bot@serviceaccount.atlassian.com:my-api-token

In this example, bot@serviceaccount.atlassian.com is the email address for the Atlassian account you're using to create the token. Remember that your cloud ID is not the same as your organization ID. Your cloud ID is for your specific Atlassian domain, such as your-company.atlassian.com. To find your cloud ID, look for the string after /s/ in your URL. It should look similar to this example: 1a11d016-8984-4c3e-b9ab-142dd06acb1b.

We use varied API token length rather than fixed length to ensure tokens are secure and reliable. If your script relies on a fixed API token length, check that it can handle a variable length.
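
The following is an added example, not part of Atlassian's documentation: a POSIX shell wrapper around the curl call above that takes the credentials from environment variables, validates the cloud ID before building the URL, and makes no assumption about token length. The variable names ATLASSIAN_EMAIL, ATLASSIAN_API_TOKEN and ATLASSIAN_CLOUD_ID and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not Atlassian's code. The ATLASSIAN_* variable names and
# the helper function names are assumptions made for this sketch.

# A cloud ID is UUID-shaped; refuse anything else so no stray characters
# (slashes, dots, newlines) reach the URL path.
valid_cloud_id() {
  case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eqx '[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
}

# Base URL for scoped tokens: https://api.atlassian.com/ex/<app>/<cloudId>
api_base_url() {
  case "$1" in jira|confluence) ;; *) return 1 ;; esac
  valid_cloud_id "$2" || return 1
  printf 'https://api.atlassian.com/ex/%s/%s' "$1" "$2"
}

# Reject empty values and ones carrying whitespace, control characters,
# double quotes or backslashes (typical copy-paste damage). There is
# deliberately no length check, because token length varies.
credential_ok() {
  [ -n "$1" ] &&
    [ "$(printf '%s' "$1" | tr -d '[:space:][:cntrl:]"\\')" = "$1" ]
}

# Emit a curl config line for HTTP basic auth. Piping it to `curl --config -`
# keeps the token out of the process argument list, unlike `--user` on argv.
curl_auth_config() {
  credential_ok "$1" && credential_ok "$2" || return 1
  printf 'user = "%s:%s"\n' "$1" "$2"
}

# call_api <jira|confluence> <path>: credentials come from the environment.
call_api() {
  base=$(api_base_url "$1" "${ATLASSIAN_CLOUD_ID:-}") ||
    { echo "unsupported app or malformed cloud ID" >&2; return 1; }
  auth=$(curl_auth_config "${ATLASSIAN_EMAIL:-}" "${ATLASSIAN_API_TOKEN:-}") ||
    { echo "missing or malformed credentials" >&2; return 1; }
  printf '%s\n' "$auth" |
    curl --silent --show-error --fail --config - "$base$2"
}

# Only make a request when the script is given arguments.
if [ "$#" -gt 0 ]; then call_api "$@"; fi
```
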

What are API token scopes?

API tokens for service accounts use scopes by default. The scope for an API token defines the levels of access to data in your Atlassian apps. When you create an API token, you choose the access level for the API token. When you select scopes for the token, you give the token permissions to perform certain actions. You can only select scopes for Jira and Confluence.

You can allow APIs to view, write, and delete content in Jira and Confluence.

How to access the API

You need to use a base URL to make API requests: api.atlassian.com. Then you can construct a request to call the API for the app you’d like to access.

Create an API token with scopes

API tokens with an infinite lifespan pose a data security risk. To improve data security, we set API tokens to expire in one year by default. When you create an API token, you can name it and set the expiration date for the token.

When you create an API token for a service account, the service account can authenticate and run scripts for the apps you give them access to. When you create a token you must select scopes for the token.

To create an API token for a service account:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Directory > Service accounts.

  3. Select the service account you want to create a credential for.

  4. Select Create credentials.

  5. Select API token, then select Next.

  6. Give your API token a name that describes what it does. Select an expiration date for the API token. Token expiration can be between 1 and 365 days. Select Next.

  7. Select scopes to determine what the API token can do in Jira or Confluence. Select Next.

  8. Review your API token, then select Create.

  9. Select Copy to clipboard, then paste the token into your script or save it somewhere safe.

You can't recover the API token after you’re done with this step. We recommend you follow these best practices to keep your token safe:

  • Store the API token in a password manager.

You must create a service account before you can create a token for the service account.

Revoke an API token

When you revoke a token it no longer works and we permanently remove it from your account. If you revoke an existing API token, you can replace it with a new token. It takes up to 10 minutes for the token to be revoked.

To revoke an API token:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Directory > Service accounts.

  3. Select the service account you want to revoke a token from.

  4. In Credentials, select Revoke for the token.

 

Notes about service accounts

  • Service accounts cannot be used for interactive login to the Atlassian Cloud UI.

  • Some features, such as group syncing from identity providers (e.g., OKTA), may not be available for service accounts.

  • Service accounts are subject to the same permission and scope requirements as regular users.

  • You can create up to five service accounts for free for each organization. If you need more, consider a subscription to Atlassian Guard.
