Documentation

API Keys Management

Securely connect external tools and custom scripts to your Ticket Mate workspace.

Overview

API Keys allow automated systems (like CI/CD pipelines or custom internal tools) to interact with Ticket Mate without requiring a user login. Managing these keys securely is critical to maintaining the integrity of your workspace.

Key Features

1. Key Generation

Administrators can generate keys with specific scopes and expiration dates.

Workspace-Scoped: Grants access to all projects in the workspace.
Project-Scoped: Restricts access to a single Jira project.
Read-Only: Prevents any modifications to tickets or settings.

2. Security Controls

Expiration Policies: Set keys to expire after 30, 90, or 365 days.
IP Whitelisting: Restrict key usage to specific server IP addresses or CIDR ranges.
Last Used Tracking: See exactly when and where a key was last utilized.

3. Rotation & Revocation

One-Click Revoke: Instantly disable a compromised key.
Safe Rotation: Generate a new key and allow a 24-hour overlap with the old key to prevent service downtime.

Use Cases

CI/CD Integration

Link your GitHub Actions or Jenkins pipelines to Ticket Mate:

Automatically "Start Work" on a ticket when a build begins.
Post build status as a comment on the relevant Jira ticket.

Custom Scripts

Build your own internal wrappers for the Ticket Mate API:

Bulk-update ticket components.
Export custom datasets for external reporting.

Best Practices

Environment Variables: NEVER hardcode API keys in your scripts. Always use environment variables or secret managers (e.g., GitHub Secrets, AWS Secrets Manager).
Audit Regularly: Delete any keys that haven't been used in the last 60 days.
Minimal Scope: Always use the most restrictive scope possible for a given task.