REST API Global settings

Enable REST API Authentication

The “Enable REST API Authentication” toggle ensures API authentication through the plugin. When activated, this toggle allows the plugin to play a central role in the API authentication process, implementing security measures as specified. If disabled, the plugin will no longer be engaged in API authentication.

Disable Basic Authentication

The “Disable Basic Authentication” toggle allows you to enforce authentication through the plugin, specifically targeting the restriction of basic authentication using usernames and passwords. When this toggle is enabled, it actively prevents the use of basic authentication methods, emphasizing a more secure and controlled approach to user verification.

Plugin's OAuth 2.0 Tokens

If OAuth 2.0 tokens are not being used for authentication, you can disable the plugin's OAuth 2.0 tokens toggle. Disabling OAuth tokens if not in use eliminates the possibility of exploiting unused authentication mechanisms. This feature ensures that your system remains streamlined and secure by only enabling the authentication methods that are actively in use.

Allow users to create Tokens

Enabling the “Allow users to create Tokens” toggle extends the ability to generate tokens at the user level, promoting a more decentralized approach. In contrast, disabling the toggle restricts token generation to admins exclusively. If the toggle is disabled, admins will be allowed to generate tokens for users. Also, if you have enabled “Allow groups to generate tokens” from group-based restrictions, you need to keep the toggle on.

Allow PAT Tokens

The “Allow PAT Tokens” toggle introduces a flexible authentication option by enabling users to utilize Personal Access Tokens (PAT) generated by Jira/Confluence for API access. However, to enforce authentication through the plugin and restrict the use of PAT tokens, admins can disable the toggle.