How to Get API tokens from all Managed Accounts using REST API
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Disclaimer
Atlassian does not support this code below, which is provided "AS IS". The goal of this article is to provide a piece of code that illustrates one way to achieve the desired goal.
Feedback provided at the bottom of the page is appreciated, but won't be handled as support.
This can be achieved through the UI by using API token controls.
Summary
The Python script on this page was created to extract a report with all Managed Accounts having API tokens using the Get API tokens endpoint. This example can be used as is but might be a nice place to start and be built upon.
Environment
Jira Cloud
This script requires Python 3 to be installed.
Usage
Export your managed accounts:
Access http://admin.atlassian.com
Go to "Directory" → “Managed accounts”
Select “Export Accounts”
Download the CSV file from your mail
Manipulate the CSV file:
Open the CSV file
Delete all columns except the “Atlassian ID“
Rename the CSV file as “managed_accounts.csv”
Set up and execute the script:
The only thing you need to update is the organization authorization token “<yourOrgToken>“ under the “headers” variable. You can find how to create an organization token here
Make sure the script and the managed_accounts.csv are under the same folder
Now you can execute the script with “python3 script.py”, it may take some time if you have a significant number of accounts
Once it's finished, it will create an “output.csv” with only the managed accounts that have API tokens
# Script to search managed accounts that have API tokens
import requests
import csv
# Variables
headers = {
"Accept": "application/json",
"Authorization": "Bearer <yourOrgToken>"
}
accounts_checked = 0
def get_account_tokens(account_id):
global accounts_checked
url = f"https://api.atlassian.com/users/{account_id}/manage/api-tokens"
print(f"Getting tokens for account ID: {account_id}")
response = requests.get(url, headers=headers)
# Response example (if the account has API tokens):
# [
# {
# "id": "00000000",
# "label": "xxxx",
# "createdAt": "2023-10-27T16:17:45.125421997Z",
# "disabledStatus": false
# }
# ]
if response.status_code != 200:
print(f"Failed to get tokens for account ID: {account_id}. Status code: {response.status_code}, Error message: {response.text}")
return []
accounts_checked += 1
tokens = []
for entry in response.json():
if all(key in entry for key in ['id', 'label', 'createdAt', 'disabledStatus']):
tokens.append({
'id': entry['id'],
'label': entry['label'],
'createdAt': entry['createdAt'],
'disabledStatus': entry['disabledStatus']
})
return tokens
def check_accounts():
print("Started")
with open('managed_accounts.csv', 'r') as csvfile, open('output.csv', 'w', newline='') as outfile:
datareader = csv.reader(csvfile)
# Skip the header
next(datareader, None)
datawriter = csv.writer(outfile)
datawriter.writerow(["Account ID", "ID", "Label", "Created At", "Disabled Status"])
for row in datareader:
account_id = row[0]
tokens = get_account_tokens(account_id)
for token in tokens:
datawriter.writerow([account_id, token['id'], token['label'], token['createdAt'], token['disabledStatus']])
print(f"Accounts checked: {accounts_checked}")
print("output.csv file was created! Check the results.")
check_accounts()