Hi,
Base on this topic
Is this guideline specifically referring to the Jira API token, or does it also apply to any tokens generated by our own app?
In our case, we are currently asking users to provide both:
- Their Jira API token, and
- A token generated by our own app,
in order to use a particular feature.
Could you please advise what actions we should take to ensure compliance?
Regards,
Hung
Hi @HungTranManh, the security requirement is regarding Atlassian user API tokens. Your app cannot request/store Atlassian user API tokens.
Hi @nmansilla ,
So, based on the solution mentioned in the document, we should provide OAuth 3.0 to ensure it complies with the policy, right?
And when is the deadline for this need to be applied to our app?
Regards,
Hung
Hi @nmansilla , could you help me to clarify this?