Last updated May 5, 2020

Deprecation notice - Basic authentication with passwords

The deprecation period for this functionality has ended. From June 3rd, 2019, we will be progressively disabling the usage of this authentication method.


If you are using a REST endpoint in Confluence with basic authentication, update your app or integration to use API tokens, OAuth, or Atlassian Connect.


Atlassian has introduced support for API tokens for all Atlassian Cloud sites as a replacement for basic authentication requests that previously used a password or primary credential for an Atlassian account.

Basic authentication with passwords is now deprecated and will be removed in 2019 per Atlassian REST API policy.

What is changing?

If you currently rely on a script, integration, or application that makes requests to Confluence Cloud using basic authentication with a password, you should update it to use basic authentication with an API token, OAuth, or Atlassian Connect as soon as possible.

Learn more about creating API tokens.

Why is Atlassian making this change?

Using primary account credentials like passwords outside of Atlassian's secure login screens creates security risks for our customers. API tokens allow users to generate unique one-off tokens for each app or integration. If needed, users can easily revoke API tokens.

Furthermore, as customers adopt features like two-factor authentication and SAML, passwords may not work in all cases. Atlassian designed API tokens as an alternative for Atlassian accounts in organizations that use these features.

Which APIs and methods will be restricted?

For the following APIs and pages, all requests that use basic authentication with a credential other than an API token will return 401 (Unauthorized) after the deprecation period:

  • Confluence Cloud public REST API
  • All Confluence Cloud web pages