Want to make your API Key Management safe in Confluence Cloud? With restricted, time-limited, and read-only API keys created by API Key Manager for Confluence, you can do this with ease! And the app has even more security features up its sleeve: Unlike API tokens in the Atlassian Cloud, API keys created with this app only apply to one specific Confluence instance.
API Key Manager for Confluence is designed to make using the REST API of your Confluence Cloud instance more secure: You can easily create and manage API keys hereby bringing an immense security gain for all teams that create scripts or use technical integrations in Confluence.
All Confluence professionals will now surely ask themselves: Why do I need something like that if I can also use the API tokens in the cloud?
That's right! But there are some essential differences between API keys and API tokens. By default, Atlassian tokens are always bound to a user and inherit all his permissions on every instance. So, any token a user creates has all his rights – not only in one instance but in all cloud instances on which the user is authorized.
With API Key Manager for Confluence Cloud, you can create API keys that only apply to one specific Confluence instance and are limited to the instance where the app is installed.
And that's not all! Use API Key Manager to create keys that support the following features:
All API keys generated with API Key Manager for Confluence Cloud are time-limited and valid for 30 days by default – after that period they automatically expire and would need to be created again. Their limited lifespan allows you better control of how your instance's data can be accessed. Also, keys can be revoked at any time, so you do not need to wait for their expiration.
You can further explicitly restrict what an API key can do by giving it a list of allowable API REST endpoints. This allows for very specific and single use-cases such as a key for creating a page or for reading only, or a key that can only act in a specific space. Anything is possible and independent of the rights of the person who created the key.
API Key Manager for Confluence allows you to pick which HTTP verbs are allowed for each individual key. Creating read-only keys is rather simple. Just create your key as normal and set GET as the only acceptable method.
Since Confluence's Cloud REST API diligently uses HTTP verbs, no GET request can manipulate data on your instance.
It’s time to keep your Confluence instance more secure by using time-and scope-limited API keys instead of usernames and passwords. Get API Key Manager for Confluence Cloud now in the Marketplace – it is free for small teams of up to ten users.
Install API Key Management for ConfluenceLooking for safe API Key Management in Jira? We got you covered here, too - with our API Key Manager for Jira Cloud.
Check out API Key Management for Jira