Atlassian has introduced support for API tokens for all Atlassian Cloud sites as a replacement for basic authentication requests that previously used a password or primary credential for an Atlassian account, as well as cookie-based authentication.
Basic authentication with passwords and cookie-based authentication are now deprecated and will be removed in 2019 in accordance with the Atlassian REST API policy.
If you currently rely on a script, integration, or application that makes requests to Jira Cloud with basic or cookie-based authentication, you should update it to use basic authentication with an API token, OAuth, or Atlassian Connect as soon as possible.
Using primary account credentials like passwords outside of Atlassian's secure login screens creates security risks for our customers. API tokens allow users to generate unique one-off tokens for each app or integration that can be easily revoked if needed.
Furthermore, as customers adopt features like two-factor authentication and SAML, passwords may not work in all cases. API tokens have been specifically designed as an alternative for Atlassian accounts in organizations that are using these features.
For the following APIs and pages, all requests using basic authentication with a non-API token credential will return 401 ( Unauthorized) after the deprecation period:
The following Jira Cloud REST API endpoint will be removed: