An API is a communication medium between a client and a server that lets the client access the server's resources. Sometimes it is imperative that the server provide resources only to authenticated clients. API authentication is the process of certifying the identity of the client that is making the API request.
When it comes to Jira and Confluence, the usage of REST APIs is quite popular. These platforms provide a range of REST APIs, related to accessing and modifying stories, spaces, issues, etc.
It is essential to add other features on top of Jira and Confluence's own token-based API authentication mechanism to keep the system secure and to regulate the usage among the users.
The miniOrange REST API Authentication solution for Jira comes packed with a variety of such powerful features.
Let's see what it offers apart from just the common token-based authentication method.
Group-Based User Restriction
Using the group-based restriction feature, you can control which users are allowed to access the APIs based on their groups in Jira. Users in all other groups are denied API access.
You can also enable read-only permissions for certain groups. The users in such groups would only be able to make GET requests to the APIs.
IP-Based Restrictions
You can restrict API access to a certain IP address or range of IP addresses. This is particularly useful when API access is to be allowed only for a specific network.
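The group and IP rules described above can be read as one allow/deny decision per request. The following is an added example, not the plugin's code: the class, the group names and the networks are hypothetical, and it assumes that both restrictions must pass and that full-access membership wins over read-only membership.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ApiAccessPolicy:
    # Hypothetical field names, not the plugin's configuration keys.
    allowed_networks: list = field(default_factory=list)  # CIDR ranges or single IPs
    full_access_groups: set = field(default_factory=set)
    read_only_groups: set = field(default_factory=set)

    def _ip_allowed(self, source_ip):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False  # unparseable address: fail closed
        # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        for entry in self.allowed_networks:
            network = ipaddress.ip_network(entry, strict=False)
            if addr.version == network.version and addr in network:
                return True
        return False

    def decide(self, user_groups, method, source_ip):
        """Return (allowed, reason) for one REST request."""
        if not self._ip_allowed(source_ip):
            return False, "source IP outside allowed networks"
        groups = set(user_groups)
        if groups & self.full_access_groups:
            return True, "member of a full-access group"
        if groups & self.read_only_groups:
            if method.upper() == "GET":
                return True, "read-only group, GET request"
            return False, "read-only group may only issue GET"
        return False, "user is in no permitted group"


# Constructed sample policy (documentation address ranges, made-up group names).
POLICY = ApiAccessPolicy(
    allowed_networks=["10.20.0.0/16", "192.0.2.44"],
    full_access_groups={"jira-api-integrations"},
    read_only_groups={"jira-reporting"},
)

if __name__ == "__main__":
    print(POLICY.decide(["jira-reporting"], "GET", "10.20.3.4"))
    print(POLICY.decide(["jira-reporting"], "POST", "10.20.3.4"))
    print(POLICY.decide(["jira-api-integrations"], "DELETE", "203.0.113.9"))
```
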
Restrict Access to Public APIs
Though most of the Jira APIs require authentication, some of them are public by default and can be accessed without authentication. To add an authentication layer on such APIs, you can utilize the Restrict Access to public APIs feature.
Restrict Token Creation to Admins
You can enable this feature to allow only the admins to create tokens for themselves as well as other users. The users will receive their tokens at their email address present in the Jira directory.
Here, a record of all the REST calls is displayed. This includes the username, date, the request URI, the type of request, and the response status of the REST call. You can export the logs in CSV format.
API Authentication using OAuth flow
Most Jira and Confluence administrators use SSO solutions to manage their users' accounts. In the case of the OAuth/OIDC protocol, the SSO solution is called an OAuth/OIDC provider. Instead of using local credentials, users use their OAuth/OIDC provider credentials to log into the application.
In such scenarios, when it comes to making API calls, users need to use their local password, which, as we know, is not a very secure approach. Hence, it would be best if the API requests could also be authenticated by the same provider.
The miniOrange REST API Authentication plugin allows you to authenticate the REST calls using the OAuth/OIDC provider by means of an OAuth 2.0 access token. The supported providers include Azure AD, Okta, Keycloak, GitHub, etc. You can also configure a custom provider. To see the detailed workflow of this feature, check out our blog on REST API authentication.
Apart from this, the miniOrange REST API plugin offers a wide range of features focusing on the accessibility and security of APIs. For additional security, you can disable basic (password-based) authentication. Below is the detailed comparison of the miniOrange REST API Authentication plugin with native Atlassian.