
API token expiration - Provide a life span for any new API tokens


      API tokens can be generated for each Atlassian Account to be able to use with Jira and Confluence cloud APIs. At the moment, the tokens do not expire unless revoked by the end-user or by the org admins.

      Suggestion:

      Provide a life span for any new API tokens that are generated (i.e. 1 week, 1 year, unlimited) for an Atlassian Account.

            [ID-7825] API token expiration - Provide a life span for any new API tokens

            Ryan Brailey added a comment - edited

            I've set this request to Closed. This is as per:

            After December 15, 2024, by default we set new API tokens to expire in one year. When you create an API token, you can set the expiration date to be from 1 day up to one year.

            Beginning February 12, 2025, we will limit the lifespan of your current API tokens. Your API tokens will expire in one year.

            https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/
            https://community.atlassian.com/t5/Jira-articles/API-tokens-will-now-have-a-maximum-one-year-expiry/ba-p/2880029

            David Moreno added a comment -

            You are absolutely right, my fault as I read they had implemented for 1 year but I didn't check the feature in my organization yet.

            Many thanks for letting me know.

            Bogdan Slusarczyk added a comment -

            ca2db7ee88a8 but you can do this right now. You can choose token lifespan up to 1 year.

            David Moreno added a comment - edited

            FORGET ABOUT THIS COMMENT, THIS IS NOW ALLOWED

            In my opinion you should allow users to set up the expiration, whether it's 1 year, 6 months, 1 month. There could be several options (3 or 4) to pick from but at least something better than just 1 year expiration that does not meet the security requirements for many companies.

            Bogdan Slusarczyk added a comment -

            Is not this already solved? I see that I have to set a lifespan for new API tokens. The lifespan cannot be longer than a year. And, what is not good in my opinion, there is no way to set 'no expiration' tokens.

            David Bakkers added a comment -

            The ability to set a limited lifespan for user Basic Auth API tokens would be useful for a number of reasons.

            Also, for organizations with managed users, the ability to set the duration of API tokens via a global organization-wide policy would also be a nice security bonus.

            Jatin Mannepalli added a comment -

            Can't access the last comment, but has there been any update on this?

            David Moreno added a comment -

            What's the last update on this feature?

            Anusha Rutnam added a comment -

            That makes sense, thanks very much for explaining ce1cce14423c. I have reopened this ticket.

            Dan.Tombs added a comment -

            Hi Anush. I have just come across this so sorry if I have missed the boat. I don't actually think this meets the requirements. Personally this goes beyond the specific admin API tokens. This is also about being able to provide token expiry on OUR users that use our site. It isn't always a good idea to have open ended tokens.


              5cd8def7e384 Kunwardeep Singh
              rmacalinao Ramon M
              Votes: 67
              Watchers: 59