Hi Team,
I am trying to integrate Jira cloud in my web application(Java as a backend) using API Token method.
While exploring this approach I found that in order to use API Tokens I have to use basic authentication and use API Token instead of password in it. (as basic authentication with username and password is deprecated. So it is suggested to use basic authentication with username and API Token -Correct me if i am wrong).
Apart from this I have below queries regarding API Token
- Once I as a user generated an API Token, How long this token will be valid? (when will it get expired?)
- On API Token creation page Atlassian account
what does this below sentence means?
You can only create a maximum of 25 tokens at a time
(Is there any limit of token creation for user?)
- Is there any recommended library to use Jira Cloud rest api using API Token with java
Thanks In advance…!
Welcome to the Atlassian developer community @prafful_nikam,
I confirm that API tokens are used with HTTP basic authentication.
Once I as a user generated an API Token, How long this token will be valid? (when will it get expired?)
Currently, API tokens do not expire.
Is there any limit of token creation for user?
Yes. Currently, the limit is 25 tokens.
Is there any recommended library to use Jira Cloud rest api using API Token with java
No. Any HTTP library in Java can support basic auth. Atlassian does not have a recommendation about which one to use.
Thanks a lot @ibuchanan,
So using API Token with basic authentication is not deprecated way, hence we are proceeding with this approach.
(I hope atlassian is not thinking about deprecation of this approach)
I have some doubts about API Token such as,
You said that
Currently, API tokens do not expire.
What will happen if I did create one API token, used that token somewhere to access apis
but for some reasons, I had to generate another API token. So in this specific case what will be the status of my earlier created token?
Will earlier created API Token be valid after creation of another token?
What if I did create all 25 tokens? will I not be able to generate API Token again?
(This might be very rare scenario, just asking for information)
Thanks.
@prafful_nikam,
Maybe a visual will help:
Here, I have 3 current API tokens. I have created many more than 25 in my time at Atlassian. Once an API token is created, it does not expire with time, but I can use the “Revoke” action which will invalidate the token and return one of the 25 “slots” to me.
Labels are free text, but for my own sanity, I label my API tokens by where I put them (like I do with SSH keys and other access tokens). So, I can clearly have multiple API tokens at the same time, typically used in different applications on different systems. Creating a new one does not expire the old one automatically. Again, I would have to revoke a token to reclaim it.
I’ve never needed 25 API tokens at once but I’m sure if I did, it would just be lazy for me not to revoke an old one so that I can create a new one again.
Thanks @ibuchanan for your valuable guidance.
