A service account is a special type of Data Center account that isn’t tied to a person. Instead, it represents a service, integration, script, or app that needs to access Jira, Confluence, or other Data Center products.

Unlike user accounts, service accounts:

• Authenticate using OAuth 2.0 (no passwords required).

• Can be created and managed through the UI or REST APIs.

• Are managed in the same way as user accounts.

The UI is the recommended way to manage service accounts, but REST APIs are available for automation and integration.

Service accounts and OAuth 2.0

Service accounts use the OAuth 2.0 client credentials flow for secure, passwordless authorization when accessing Data Center products.

• When you create a service account, you’ll receive a client ID and client secret.

• These credentials let you request an access token.

• The token is then used to authenticate API requests.

Requesting an access token

Make a POST request to the token endpoint, using the following parameters:

• grant_type: Set this to client_credentials.

• client_id: The client ID of the service account.

• client_secret: The client secret of the service account.

• scope: The space-separated list of scopes for which the access token is requested.

Here’s an example request:

curl -X POST https://your-dc-instance/rest/oauth2/latest/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=client_credentials" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "scope=YOUR_SCOPES"

The response includes an access token, valid for a limited time (usually 1 hour).

• Refresh tokens are not supported.

• When the token expires, request a new one using the same credentials.

Using the access token in API requests

curl -X GET https://your-dc-instance/rest/some-endpoint \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"