
Why is it important?
Understanding Atlassian Organization API Security Controls: These controls comprise features that regulate access, monitor activity, and enforce security policies across the organization’s API endpoints. They serve as a critical line of defense against unauthorized access, data breaches, and other security risks that may arise from API interactions.
Key Components of API Security Controls:
- The following authentication methods are supported for the Jira REST APIs:
- Authorization Policies: Organizations can define granular authorization policies to restrict access to specific API endpoints based on user roles, permissions, and scopes. This helps prevent unauthorized actions and ensures that users have appropriate levels of access to perform their tasks.
- Rate Limiting and Throttling: Atlassian Organization API Security Controls enable administrators to implement rate limiting and throttling measures to prevent API abuse, mitigate denial-of-service (DoS) attacks, and maintain optimal performance. By setting limits on the number of API requests per unit of time, organizations can effectively manage resource utilization and prevent API overload.
- Audit Logging and Monitoring: Comprehensive audit logging and monitoring capabilities allow organizations to track API activity in real-time, detect anomalies, and investigate security incidents promptly. By logging API requests, responses, and errors, organizations gain visibility into API usage patterns and potential security threats, facilitating proactive risk management and compliance with regulatory requirements.
How To Set It Up
Admin APIs for Atlassian Organization resources and settings authenticate with API keys. With a key, administrators can update organization settings through the organizations REST API and manage user accounts through the user management REST API. To create an API key for making requests to the API using the client of your choice, follow these steps:
- Navigate to admin.atlassian.com and select your organization if you have multiple.
- Click on “Settings” > “API keys.”
- Choose “Create API key” located in the top right corner.
- Provide a name for the API key that will help you identify its purpose.
- Optionally, adjust the expiration date for the key. By default, it expires one week from the creation date.
- Click “Create” to generate the API key.
- Make sure to copy and securely store the Organization ID and API key values as they will be required for API access. These values will not be displayed again.
- Select “Done” to complete the process. The newly created key will be added to your list of API keys.
Additionally, it is recommended to revoke any previous API keys accessible to former admins to enhance security measures. To revoke an API key, follow these steps:
- Visit admin.atlassian.com and select your organization if necessary.
- Navigate to “Settings” > “API keys.”
- Identify the API key you wish to revoke and select “Revoke” next to it.
These steps ensure that only authorized individuals have access to API resources, contributing to a secure organizational environment.
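The following is an added example, not code from Atlassian or from the original article: a small Python client that uses the Organization ID and API key saved in the steps above without hard-coding them, keeps the key out of log output, and checks the expiry date you chose at creation before calling the organizations REST API. The environment variable names (ATLASSIAN_ORG_ID, ATLASSIAN_API_KEY, ATLASSIAN_API_KEY_EXPIRES) and the helper names are assumptions made for this example.

```python
import os
import urllib.request
from datetime import datetime, timezone

# Organizations REST API base URL; the API key is sent as a Bearer token.
ADMIN_API = "https://api.atlassian.com/admin/v1/orgs"

def load_credentials(env=os.environ):
    """Read the Organization ID and API key from the environment, not from source."""
    org_id = env.get("ATLASSIAN_ORG_ID", "").strip()    # assumed variable name
    api_key = env.get("ATLASSIAN_API_KEY", "").strip()  # assumed variable name
    if not org_id or not api_key:
        raise RuntimeError("ATLASSIAN_ORG_ID and ATLASSIAN_API_KEY must both be set")
    return org_id, api_key

def redact(secret):
    """Log-safe form of a secret: only the last 4 characters stay visible."""
    return "*" * 8 + secret[-4:] if len(secret) > 8 else "*" * 8

def days_until_expiry(expires_iso, now=None):
    """Whole days left before the key expires (negative once it has expired)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(expires_iso)
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    return (expires - now).days

def build_org_request(org_id, api_key):
    """Build (but do not send) a GET request for the organization record."""
    if not org_id.replace("-", "").isalnum():
        raise ValueError("organization ID contains unexpected characters")
    return urllib.request.Request(
        f"{ADMIN_API}/{org_id}",
        headers={"Authorization": f"Bearer {api_key}", "Accept": "application/json"},
        method="GET",
    )

if __name__ == "__main__":
    org_id, api_key = load_credentials()
    # Expiry is recorded by you at creation time (assumed variable name).
    left = days_until_expiry(os.environ["ATLASSIAN_API_KEY_EXPIRES"])
    if left < 0:
        raise SystemExit("API key has expired; create a new key and revoke the old entry")
    print(f"org={org_id} key={redact(api_key)} expires_in_days={left}")
    with urllib.request.urlopen(build_org_request(org_id, api_key), timeout=10) as resp:
        print("HTTP status:", resp.status)
```

Set the three variables from a secrets manager or a protected shell profile rather than a script checked into version control.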
Further Set Up of API
You can now control whether members can make API calls using User API tokens within your organization’s products.
This new API token setting lets you allow or block the following for members:
- Generating a new User API token for authentication.
- Utilizing an existing User API token for authentication.
To explore this API token setting:
- Log in to admin.atlassian.com.
- Choose the relevant organization, if applicable.
- Navigate to Security in the global menu.
- Access Authentication policies from the sidebar.
- Click on Settings.
- Select User API tokens.
Wrapping it up
If you found this useful, check out this article from Atlassian too!