I am a JIRA admin, I need to know which of my users is accessing JIRA through the API, and by what method they are using (Basic Auth, OAuth, etc), so I can properly inform them of some upcoming migrations and changes. What’s the best way to gather this information?
Since JIRA’s user interface is sending requests to the REST API, too, basically every user is implicitly using it and it may be a bit tricky to divide API-only users from “normal users”.
Afaik, you can’t even configure REST API permissions: https://jira.atlassian.com/browse/JRASERVER-42122
If you are not referring to JIRA’s public API but your own plugin’s REST interface, things might be easy, since you could implement an aspect, which is tracking active users for you. Or you could implement a plugin specific authorization mechanism, which allows you to make definitions about who has access and should be informed (no matter if they are actually active or not).
In case you are talking about general JIRA updates, just inform everybody. This might be appropriate anyway.
You might want to ask this question over at community.atlassian.com since this is more atlassian-product-user focused (instead of app development).
That said - go for the logs. Grep in your jira instance http access logs for /rest (you might have to enable it in the logging area). This will give you anyone accessing the rest api and their username.
As far as, who’s using basic oauth versus other mechanism - I’m not sure - you could look for the oauth acceptance end point and grep for it?