API token controls in Atlassian Access

What are API token controls?


API tokens allow a user to authenticate with cloud apps to retrieve data from the instance through REST APIs. Token controls enable admins to view and revoke the use of API tokens by their managed and external users.

Why use API token controls?


User API token controls provide admins with greater visibility and control over the user API token lifecycle, which improves their organization’s security posture. This includes:

  • Greater control over which users can access data via an API token
  • Greater visibility into which users are creating and revoking API tokens, allowing admins to identify and address security threats resulting from bad actors

Learn how users can create and use an API token in Atlassian.

How it works


Admins can control whether managed users are allowed to create new user API tokens or use existing tokens by navigating to the API tokens setting under Authentication policies.

Admins are also able to view all active user API tokens associated with managed accounts within their organization in Atlassian Administration. This makes it easier for them to navigate to a specific user’s account details in managed accounts if they wish to revoke access.

Control whether users can authenticate with a user API token
View all active user API tokens for managed accounts

For external users, admins can control whether they can create new API tokens or use existing tokens by navigating to External users under Security.

Allow or block external users from accessing API tokens

Read our documentation on user API token controls here