Block user API token access

Who can do this?
Role: Organization admin
Atlassian Cloud: Atlassian Guard Standard
Atlassian Government Cloud: Not available

By default, your organization's user API token access is set to allow. Unless you change this default, external users can make API calls with a user API token to access apps in your organization.

When you block user API token access for external users, they are unable to use a token to access apps through an app API, even if they previously used a token to access them.

When an external user makes a call to an app API, we let them know that an admin blocked the token and that they should contact the admin to find out why.

It's not possible for anyone else to create an API token on behalf of a user. Users must create API tokens themselves. Users can create and manage their API tokens from Account settings, then Security, then Create and manage API tokens. They can check expiry dates and create API tokens with scopes, if required. For details, see Manage API tokens for your Atlassian account.

Block or allow user API token access

To block user API token access:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > User security > External users.

  3. Select the policy you want to modify: External user policy or Test policy.

  4. Choose API token access for external users.

  5. Select Block.

  6. Click Update to save your changes.

To allow user API token access:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > User security > External users.

  3. Choose API token access for external users.

  4. Select Allow.

  5. Click Update to save your changes.

As an organization admin, you can check API token activity logs by navigating to Atlassian Administration > Insights > API token activity.
