Announcement: Deprecation of basic authentication with passwords and cookie-based authentication in Jira Cloud REST APIs

auth
security
rest-api

#1

Hi everyone,

Today we published a deprecation notice for the usage of passwords in basic authentication requests for the Jira Cloud REST API and the “cookie-based authentication” mechanism.

I strongly recommend you read the full deprecation notice. In summary:

  • Basic authentication requests for Jira Cloud should use API tokens instead of Atlassian account passwords. This affects both API requests and non-API URIs.
  • Cookie-based authentication will be removed in the future. Basic authentication with API tokens is the recommended replacement.

In accordance with the Atlassian REST API Policy, support for both will not be removed for at least six months. The deprecation notice has links to ACJIRA tickets that we will use to provide updates on these changes. That said, we recommend you adopt these changes as soon as possible.

Regards,
Dave Meyer
Senior Product Manager, Jira Cloud


#2

#4

The link (http://id.atlassian.com) given to generate an API access token appears to specifically only work with Jira hosted instances. How do you generate an API access token for non Jira hosted instances? For example, if my jira instance was hosted at jira.companyx.com, is there a url I can go to for my instance to generate an access token? Does this have to be done by an instance admin, or is it not possible at all?

Thanks


#5

Hi @es1,

API tokens are a feature of Atlassian account, which is only used for authenticating to Atlassian Cloud products. For Jira Server and Jira Data Center, you need to use one of our supported Server API authentication methods: https://developer.atlassian.com/server/jira/platform/security-overview/