Deprecation of basic authentication with passwords for Jira and Confluence APIs
As of June 2019, Atlassian Cloud users who are using a REST endpoint in Jira or Confluence Cloud with basic or cookie-based authentication will need to update their app or integration processes to use an API token, OAuth, or Atlassian Connect.
These changes are in line with a platform-wide update to help improve security for customers on our Cloud products.
Integrations may include:
Software or scripts that you’ve built which communicate with Atlassian Cloud APIs.
Other third-party applications that communicate with Atlassian Cloud APIs - note that apps from Atlassian Marketplace will have been updated by the Vendor who supports this app, but this is the responsibility of the vendor.
Communicating the changes to your users
However, as a site admin, if you’ve seen the flag message below it means that some of your users still need to update their app or integration to use API tokens to avoid breaking changes in your current processes.
In order to avoid breaking changes to your processes, you may want to use the text in the example below to communicate the necessary changes to those users who are unaware of these integration updates.
Atlassian Cloud sites have introduced support for API tokens to replace Atlassian account passwords for all Jira and Confluence APIs.
To avoid breaking changes to our current processes if you’re using a REST endpoint in Jira or Confluence Cloud with basic authentication, you’ll need to have updated your app or integration to use an API token, OAuth, or Atlassian Connect as soon as possible.
After June 5th, 2019 attempts to authenticate via basic auth with an Atlassian account password will return an
Invalid credentials error.