API tokens are revoked automatically when used in public spaces

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

When you create an API token from https://id.atlassian.com/manage-profile/security/api-tokens and use/mention it in a code repository, the API token is revoked after a short while from your profile.

Environment

Jira Cloud

Cause

The repository where the API token is mentioned is a public repository. Atlassian periodically scans public repositories to identify any tokens from Atlassian accounts and revokes them as a security measure. Tokens directly mentioned in public repositories can be accessed by external users and can be abused, thereby, causing harm to your site data and its performance.

Solution

  1. Check your email confirming that it was Atlassian that removed your token. You should see a similar email in your inbox

(Auto-migrated image: description temporarily unavailable)

2. Make your code repository is private or use the API token in a file that is not accessible publicly.

Updated on April 8, 2025
Platform
Cloud only
Products
Jira Software Cloud
Jira Service Management Cloud
Confluence Cloud
On this pageSummaryEnvironmentCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community