Currently, API tokens in Jira Cloud inherit all permissions of the associated user account. It would be extremely helpful to allow the creation of API tokens that are restricted to one or more specific projects. This would enable safer integrations and automations, as tokens would only have access to the projects they actually need.

Benefits:

• Increased security through the principle of least privilege

• Better control over integrations and external tools

• Easier management of project-level access rights

Example:
When creating an API token, the user can select which projects the token should have access to.

 

Thank you!