Skip to content

Atlassian

Atlassian token behavior (what to expect)

  • Access token duration: ~1 hour (short‑lived).
  • Refresh token: returned when offline_access scope is granted; use it to get new access tokens.
  • Rotation: new access tokens supersede prior ones; expect old access tokens to stop working after refresh or expiry.
  • Scopes: strictly enforced. Missing scopes result in 403 even if the token is valid.
  • Error signals:
  • 401/invalid_token when the access token is expired.
  • 403/insufficient_scope when calling APIs outside granted scopes.
  • Client usage: call Atlassian Cloud APIs with Authorization: Bearer <access_token>. Refresh a few minutes before expiry to avoid edge failures.