API tokens are revoked automatically when used in public spaces

 

Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.

   

Summary

When you create an API token from https://id.atlassian.com/manage-profile/security/api-tokens and use/mention it in a code repository, the API token is revoked after a short while from your profile.

Environment

Jira Cloud

Cause

The repository where the API token is mentioned is a public repository. Atlassian periodically scans public repositories to identify any tokens from Atlassian accounts and revokes them as a security measure. Tokens directly mentioned in public repositories can be accessed by external users and can be abused, thereby, causing harm to your site data and its performance.

Solution

  1. Check your email confirming that it was Atlassian that removed your token. You should see a similar email in your inbox










     2. Make your code repository is private or use the API token in a file that is not accessible publicly.




Last modified on Sep 8, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.