Developer
News and Updates
Get Support
Sign in
Get Support
Sign in
DOCUMENTATION
Cloud
Data Center
Resources
Sign in
Sign in
DOCUMENTATION
Cloud
Data Center
Resources
Sign in
Last updated Jun 30, 2026

Configuring authentication via API token

If enabled by your organization admin, authentication via API token lets MCP clients authenticate without an interactive OAuth consent screen. Use this option for non-interactive or machine-to-machine scenarios. See Supported tools for the tools available across Atlassian apps.

There are two options: a personal API token using Basic auth, or a service account API key using a Bearer token.

Personal API token (Basic auth)

Use this option when you want to authenticate MCP using a personal API token created by a user.

Step 1. Create a personal API token

Create a personal API token with the required scopes. If necessary, you can manually select the scopes you want your API token to have. Note the email address of the user who owns the token.

Step 2. Base64-encode the credentials

Create a base64-encoded string in the format email:api_token:

1
2
# Format: email:api_token
echo -n "your.email@example.com:YOUR_API_TOKEN_HERE" | base64

This produces a base64-encoded string representing email:api_token.

Step 3. Configure your MCP client

Add the following configuration to your MCP client's mcp.json:

1
2
{
  "mcpServers": {
    "atlassian-rovo-mcp": {
      "url": "https://mcp.atlassian.com/v1/mcp",
      "headers": {
        "Authorization": "Basic BASE64_ENCODED_EMAIL_AND_TOKEN"
      }
    }
  }
}

Replace BASE64_ENCODED_EMAIL_AND_TOKEN with the value from Step 2.

Service account API key (Bearer token)

Step 1. Obtain a service account API key

Obtain a service account API key for your non-human workload.

Step 2. Configure your MCP client

1
2
{
  "mcpServers": {
    "atlassian-rovo-mcp": {
      "url": "https://mcp.atlassian.com/v1/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY_HERE"
      }
    }
  }
}

Replace YOUR_API_KEY_HERE with your service account API key.

Verify your setup

You can confirm authentication is working with a quick request. A 200 OK response confirms authentication is working:

1
2
# Test with API token (Basic auth)
curl -I https://mcp.atlassian.com/v1/mcp \
  -H "Authorization: Basic <your_base64_encoded_credentials>"

# Test with service account (Bearer auth)
curl -I https://mcp.atlassian.com/v1/mcp \
  -H "Authorization: Bearer <your_api_key>"

Limitations

  • Authentication via API token must be enabled by your organization admin. If it is disabled, MCP clients must use OAuth 2.1 instead.
  • Because there is no redirect URI, domain allowlist checks tied to redirects are bypassed. IP allowlist enforcement is a separate control and is supported for all authentication methods.
  • OAuth 2.1 remains the recommended option for interactive, user-driven scenarios.

Next steps

Rate this page: