Want to make sure of safe API Key Management in both Jira and Confluence Cloud? API Key Manager has got you covered with restricted, time-limited, and read-only API keys! Sounds great, right? But the best is yet to come: Unlike API tokens in the Atlassian Cloud, API keys created with this app only apply to one specific Jira or Confluence instance.
With our API Key Manager for Jira and Confluence, it's never been easier to create and manage API keys, making using the REST API of your Cloud instance more secure, and providing immense security gains for you and your team when working in Jira and Confluence – especially if you use technical integrations.
Now some of you may be wondering: Why would I need this app if I can also use the API tokens in the Atlassian Cloud?
Fair enough! But there are some essential differences between API keys and API tokens. By default, Atlassian tokens are always bound to a user and their rights and therefore inherit all their permissions on every instance. So, any token a user creates has all their rights not only in one instance but in all cloud instances on which the user is authorized.
With API Key Manager, you can create API keys that only apply to one specific Jira or Confluence instance and are limited to the instance where the app is installed.
And that's not all! Use API Key Manager to create keys that support the following features:
All API keys generated with API Key Manager for Jira and Confluence Cloud are temporary and valid for 30 days by default – after that period they automatically expire and need to be created again. Their limited lifespan allows you better control of how your instance's data can be accessed. In addition, keys can be revoked at any time, so you do not need to wait for their expiration.
You can further explicitly restrict what an API key can do by giving it a list of allowable API REST endpoints. This allows for very specific and single use-cases such as a key for creating a page or for reading only, or a key that can only act in a specific space. Anything is possible and independent of the rights of the person who created the key. It’s totally up to you.
API Key Manager allows you to pick which HTTP verbs are allowed for each individual key. For creating read-only keys you just create your key as normal and set GET as the only acceptable method. Easy, isn’t it? And yet so powerful!
Since Jira and Confluence's Cloud REST API diligently uses HTTP verbs, no GET request can manipulate data on your instance.
Keep your Jira and Confluence instances more secure by using time- and scope-limited API keys instead of usernames and passwords. Get API Key Manager for Jira Cloud now – it’s free for small teams of up to ten users.
If you have any more questions you can check out or documentation below or scheduel a meeting with our Lead Architect Oliver Siebenmarck here.
Documentation