Are there any good reasons (e.g., better mgmt for jira admins, better user experience) that any knows to go with Basic Auth (API Tokens) over OAuth 2 / 3LO authentication?
I only ask because I see many products (like ProductBoard) that still use API Tokens so want to make sure we’re not missing anything
I can say the official Atlassian answer is that we wish Apps would use OAuth instead of API Tokens. In the developer guide on auth options and tradeoffs, a significant note is “OAuth 2.0 (3LO) is currently not available for Jira Software.” That means simple things about issues are fine (covered by the Jira Platform but things like boards, sprints, and epics are not. Reading the guide, you might think that’s the one exception but threads here in the developer community indicate OAuth coverage is spotty. For example, a recent thread reveals attachments are not covered (although the thread focuses on Confluence, I’m pretty sure the underlying “media service” is shared by Jira and thus a blocker there too).
All that to say that I would flip the question around. Given our intent to favor OAuth, please let us know if you are building an App and can’t find any option better than API Tokens.