NOTE: Are you a Red Hat associate then go here.

Atlassian Jira 8.20.x supports Personal Access Token to authenticate user accounts via API. Personal Access Tokens is a secure way to use scripts and integrate external applications. Red Hat Jira (issues.redhat.com) is adopting Personal Access Tokens over Basic Authentication, which passes the Username and Password to the application every time.  Basic Authentication will be decommissioned as of and will no longer be available to use with Red Hat Jira. 

Please review Personal Access Token - FAQ for more information

Create a new token (UI):

  1. Log in to Red Hat Jira (issues.redhat.com)  and select your profile picture at the top right of the screen. Then from the left panel, choose Personal Access Tokens. 
  2. Select Create token.
    1. You can give your new token any name you want.
    2. (Optional) If you want, you can set your token to expire after a set number of days automatically. Please note, Once the Personal Access Token expires, you can't reactivate it. You must create a new token. 
  3. Click Create. Please copy the token and store it in a safe space. You won't be able to see your token once you click Close.



Create a new token (API):

Send a POST HTTP request with the following body:

{
    "name": "tokenName",
    "expirationDuration": 90
}


You can define the number of days for which your token will remain valid through the expiration duration parameter.

to the following address:

https://issues.redhat.com/rest/pat/latest/tokens

In response, you'll receive the Personal Access Token (PAT). 

Using token:

To use a Personal Access Token for authentication, you have to pass it as a bearer token in the Authorization header of a REST API call. For example: 

curl -H "Authorization: Bearer <yourToken>" https://issues.redhat.com/rest/api/<api parameters>


Note: Please note that the Personal Access Token can only be used as it is. If it is encoded (with base64 or any other encoding method) then the token won't work as expected and authentication won't work.


Remove token:

If, for any reason, you need to revoke your Personal Access Token, you can do it quickly from the Red Hat Jira application: 

  1. Log in to Jira and select your profile picture at the top right of the screen. Then from the left panel, choose Personal Access Tokens. 
  2. Select Revoke next to the token you want to delete.
  3. Confirm your choice.