Last updated Apr 4, 2023

Basic auth for REST APIs

This page shows you how to allow REST clients to authenticate themselves using basic authentication with an Atlassian account username and API token.

Basic authentication is not as secure as other methods. We recommend using it for scripts and manual calls to the REST APIs. Otherwise, consider building an app:

Forge apps use more secure methods for authentication: OAuth 2.0. In addition, authentication is built into Forge, so you don't need to configure it. For more information, see Security for Forge apps.
Apps created in the developer console can use OAuth 2.0 authorization code grants (3LO), which is also more secure than basic auth.

Overview

The Forms REST API is protected by the same restrictions which are provided via Jira Service Management's standard web interface. If you log in and do not have permission to view something in Jira, you will not be able to view it using the Forms REST API either.

In most cases, the first step in using the Forms REST API is to authenticate a user account with your Jira Service Management instance. Any authentication that works against Jira Service Management will work against the Forms REST API. This page provides a simple example of basic authentication.

Get an API token

Basic auth requires API tokens. You generate an API token for your Atlassian account and use it to authenticate anywhere where you would have used a password. This enhances security because:

you're not saving your primary account password outside of where you authenticate
you can quickly revoke individual API tokens on a per-use basis
API tokens will allow you to authenticate even if your Atlassian Cloud organization has two-factor authentication or SAML enabled.

See the Atlassian Cloud Support API tokens article to discover how to generate an API token.

Using Postman

You can use Postman to make calls to the Forms REST APIs using basic auth.

Use your Atlassian email as your username and API token as your password.