atlassian-mcp-server
Atlassian MCP Server
Skill by ara.so — MCP Skills collection.
The Atlassian Rovo MCP Server is a cloud-based remote MCP server that bridges AI agents, IDEs, and other MCP clients with Atlassian Cloud (Jira, Confluence, Compass). It enables natural language interaction with Atlassian data using secure OAuth 2.1 or API token authentication, respecting user permissions.
What It Does
- Search & Summarize: Query Jira issues, Confluence pages, and Compass components
- Create & Update: Generate issues, pages, and components from natural language
- Automate Workflows: Link content, bulk create items, extract data across Atlassian products
- Respect Permissions: All actions honor existing Atlassian Cloud access controls
Server Endpoint
```
https://mcp.atlassian.com/v1/mcp
```

The server is hosted by Atlassian (remote MCP), so no local installation is required. For desktop clients (Claude, Cursor, VS Code), you'll use the `mcp-remote` proxy package.

Installation & Configuration
For Desktop Clients (Claude, Cursor, VS Code)
1. Install mcp-remote Proxy
```bash
# Using npm
npm install -g @modelcontextprotocol/mcp-remote

# Using npx (no install)
npx @modelcontextprotocol/mcp-remote
```

2. Configure Client
Claude Desktop (`~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):

```json
{
  "mcpServers": {
    "atlassian-rovo": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "oauth"
      }
    }
  }
}
```

Cursor (`.cursor/config.json` in project root):

```json
{
  "mcpServers": {
    "atlassian-rovo": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "oauth"
      }
    }
  }
}
```

VS Code (settings.json):

```json
{
  "mcp.servers": {
    "atlassian-rovo": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "oauth"
      }
    }
  }
}
```

3. Authentication Flow
On first use, the client will:
- Open a browser to Atlassian OAuth consent screen
- Prompt you to authorize access to Jira/Confluence/Compass
- Store credentials securely for future sessions
For Headless/API Token Authentication
Admins must first enable API token auth in Atlassian Administration.

```json
{
  "mcpServers": {
    "atlassian-rovo": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/mcp-remote",
        "https://mcp.atlassian.com/v1/mcp"
      ],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "apitoken",
        "ATLASSIAN_EMAIL": "${ATLASSIAN_EMAIL}",
        "ATLASSIAN_API_TOKEN": "${ATLASSIAN_API_TOKEN}",
        "ATLASSIAN_CLOUD_ID": "${ATLASSIAN_CLOUD_ID}"
      }
    }
  }
}
```

Required environment variables:
- `ATLASSIAN_EMAIL`: Your Atlassian account email
- `ATLASSIAN_API_TOKEN`: Rovo MCP scoped API token (from Atlassian account settings)
- `ATLASSIAN_CLOUD_ID`: Your site URL (e.g., `https://yoursite.atlassian.net`)
For Web Clients (ChatGPT, Gemini CLI, GitHub Copilot)
Follow client-specific documentation to add the remote MCP server:
- Server URL: `https://mcp.atlassian.com/v1/mcp`
- Auth Type: OAuth 2.1 (browser flow)

Example for OpenAI ChatGPT:
- Go to Settings → Integrations → MCP
- Add server URL: `https://mcp.atlassian.com/v1/mcp`
- Complete OAuth flow when prompted
Optimizing Performance with AGENTS.md
Reduce token usage and tool calls by setting defaults in your project's `AGENTS.md`:

```markdown
## Atlassian Rovo MCP

When connected to atlassian-rovo-mcp:
- MUST use Jira project key = MYPROJ
- MUST use Confluence spaceId = "123456"
- MUST use cloudId = "https://mysite.atlassian.net" (do NOT call getAccessibleAtlassianResources)
- MUST use `maxResults: 10` or `limit: 10` for ALL Jira JQL and Confluence CQL search operations.
```

Replace with your actual values:
- `MYPROJ`: Your default Jira project key
- `123456`: Your Confluence space ID (get from space settings)
- `https://mysite.atlassian.net`: Your Atlassian Cloud site URL

Common Usage Patterns
Jira Operations
Search Issues
```
"Find all open bugs in project MYPROJ assigned to me"
```

The agent will use the `jira_searchForIssuesUsingJql` tool with JQL:

```jql
project = MYPROJ AND status = Open AND assignee = currentUser() AND type = Bug
```

Create Issue
```
"Create a story in MYPROJ titled 'Add dark mode support' with description 'Users want dark theme option'"
```

The agent calls `jira_createIssue` with payload:

```javascript
{
  "cloudId": "https://mysite.atlassian.net",
  "fields": {
    "project": { "key": "MYPROJ" },
    "summary": "Add dark mode support",
    "description": "Users want dark theme option",
    "issuetype": { "name": "Story" }
  }
}
```

Bulk Create from Notes
```
"Create Jira tickets from these requirements:
1. User authentication via OAuth
2. Password reset flow
3. Email verification"
```

Agent creates 3 issues sequentially using `jira_createIssue`.

Update Issue
```
"Update MYPROJ-123 to set status to In Progress and add comment 'Working on this now'"
```

Uses `jira_editIssue` and `jira_addComment`.

Confluence Operations
Search Pages
```
"Find all Confluence pages about API documentation in the DEV space"
```

Uses `confluence_searchByCQL` with CQL:

```cql
space = DEV AND text ~ "API documentation"
```

Create Page
```
"Create a Confluence page in space DEV titled 'API Integration Guide' with content:
# Authentication
Use OAuth 2.0 for all API requests."
```

Calls `confluence_createPage`:

```javascript
{
  "cloudId": "https://mysite.atlassian.net",
  "spaceId": "123456",
  "status": "current",
  "title": "API Integration Guide",
  "body": {
    "representation": "storage",
    "value": "<h1>Authentication</h1><p>Use OAuth 2.0 for all API requests.</p>"
  }
}
```

Summarize Page
```
"Summarize the Q2 Planning page in DEV space"
```

Agent fetches page content and provides summary.
Compass Operations
Create Component
```
"Create a Compass component called 'api-gateway' of type SERVICE with description 'Main API gateway service'"
```

Uses `compass_createComponent`:

```javascript
{
  "cloudId": "https://mysite.atlassian.net",
  "name": "api-gateway",
  "typeId": "SERVICE",
  "description": "Main API gateway service"
}
```

Query Dependencies
```
"What services depend on the api-gateway component?"
```

Uses `compass_searchComponents` to find dependencies.

Bulk Import
```
"Import these components from JSON:
[
  {\"name\": \"auth-service\", \"typeId\": \"SERVICE\"},
  {\"name\": \"user-db\", \"typeId\": \"DATABASE\"}
]"
```

Cross-Product Workflows
Link Jira to Confluence
```
"Link Jira issues MYPROJ-100, MYPROJ-101, MYPROJ-102 to the 'Sprint Planning' Confluence page"
```

Agent retrieves page, updates content with Jira macros or links.
Create Issues from Confluence
```
"Read the 'Feature Requests' Confluence page and create a Jira ticket for each item"
```

Agent:
- Fetches Confluence page content
- Parses items
- Creates Jira issues using `jira_createIssue`
Advanced Configuration
Custom Scopes
If you need specific Atlassian API scopes, configure during OAuth:
- `read:jira-work`: Read Jira data
- `write:jira-work`: Create/update Jira issues
- `read:confluence-content.all`: Read Confluence pages
- `write:confluence-content`: Create/update Confluence pages
- `read:compass:*`: Read Compass data
- `write:compass:*`: Write Compass data

The MCP server requests appropriate scopes automatically based on available tools.
IP Allowlisting
If your organization uses IP allowlisting:
- Ensure your current IP is allowed in Atlassian Administration
- Requests through MCP server must originate from allowed IPs
- Configure VPN if working remotely
Multiple Sites
To work with multiple Atlassian sites, configure separate MCP server entries:

```json
{
  "mcpServers": {
    "atlassian-prod": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/mcp-remote", "https://mcp.atlassian.com/v1/mcp"],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "oauth",
        "ATLASSIAN_CLOUD_ID": "https://prod.atlassian.net"
      }
    },
    "atlassian-staging": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/mcp-remote", "https://mcp.atlassian.com/v1/mcp"],
      "env": {
        "MCP_REMOTE_AUTH_TYPE": "oauth",
        "ATLASSIAN_CLOUD_ID": "https://staging.atlassian.net"
      }
    }
  }
}
```

Available Tools (Partial List)
The server exposes 50+ tools. Key examples:
Jira
- `jira_searchForIssuesUsingJql`
- `jira_createIssue`
- `jira_editIssue`
- `jira_addComment`
- `jira_getIssue`
- `jira_deleteIssue`
- `jira_assignIssue`
Confluence
- `confluence_searchByCQL`
- `confluence_createPage`
- `confluence_updatePage`
- `confluence_getPage`
- `confluence_deletePage`
- `confluence_getSpaces`
Compass
- `compass_createComponent`
- `compass_searchComponents`
- `compass_getComponent`
- `compass_updateComponent`
- `compass_deleteComponent`
Utility
- `getAccessibleAtlassianResources` (list available sites - avoid if using AGENTS.md defaults)
Troubleshooting
"Your site admin must authorize this app"
Cause: First user to connect must be a site admin.
Solution:
- Have a site admin complete OAuth flow first
- Once installed, regular users can connect
"You don't have permission to connect from this IP address"
Cause: IP allowlisting is enabled and your IP isn't allowed.
Solution:
- Check Atlassian Administration → Security → IP allowlist
- Add your IP range or VPN IP
- Contact your admin if you can't modify settings
OAuth flow doesn't open browser
Cause: Headless environment or browser not configured.
Solution:
- Switch to API token authentication (see headless setup above)
- Or ensure the `BROWSER` environment variable points to a valid browser
"App not appearing in Connected apps"
Cause: Wrong account, wrong site, or permissions issue.
Solution:
- Verify you're logged into correct Atlassian account
- Check site URL matches `cloudId` in config
- Ensure you have access to Jira/Confluence/Compass on that site
- Try revoking and re-authorizing from Atlassian account settings
High token usage / slow responses
Cause: Agent calling `getAccessibleAtlassianResources` repeatedly or searching without limits.
Solution:
- Add AGENTS.md configuration with `cloudId`, project, and space defaults
- Always specify `maxResults` or `limit` in search queries
- Cache site/project/space IDs in conversation context
Rate limiting errors
Cause: Too many API requests in short time.
Solution:
- Batch operations where possible
- Add delays between bulk creates
- Use search with pagination instead of fetching all results
Skills for Claude Desktop
Pre-built skills available in `skills/` directory:
- create-jira-issue.md: Create Jira issues from natural language
- search-confluence.md: Search and summarize Confluence pages
- link-content.md: Link Jira issues to Confluence pages

To use:
- Copy skill file to `~/Library/Application Support/Claude/skills/`
- Restart Claude Desktop
- Reference skill: "Use the create-jira-issue skill to make a new bug"
Admin Considerations
First-Time Setup (Admin)
- First user must have access to all Atlassian products being integrated (Jira, Confluence, Compass)
- Complete OAuth flow to install app (lazy/JIT installation)
- App appears in Atlassian Administration → Apps → Connected apps
Enabling API Token Auth (Admin)
- Go to Atlassian Administration → Security → Rovo MCP Server
- Enable "API token authentication"
- Users can then create scoped API tokens from account settings
Monitoring Usage
- View audit logs in Atlassian Administration → Audit log
- Filter by "Rovo MCP Server" to see all actions
- Logs include user, timestamp, action, IP address
Revoking Access
Organization-wide:
- Atlassian Administration → Apps → Connected apps
- Find "Atlassian Rovo MCP Server"
- Click "Revoke" or "Uninstall"
Per-user:
- User profile → Account settings → Security
- Connected apps → Revoke "Atlassian Rovo MCP Server"
Security Best Practices
- Never commit API tokens: Use environment variables (`${ATLASSIAN_API_TOKEN}`)
- Use scoped tokens: Request only needed permissions
- Rotate tokens regularly: Refresh API tokens every 90 days
- Monitor audit logs: Review MCP actions weekly
- Enable IP allowlisting: Restrict access to known networks
- Educate users: Train on what data agents can access
- Revoke unused access: Remove old OAuth authorizations
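
A pre-commit style check for the client configs shown on this page, as an added example (not code from the project or from Atlassian): it flags token-like `env` values that are literals rather than `${VAR}` references, endpoints other than the documented URL, and `apitoken` entries missing a required variable. The function name, the secret-name heuristic, the sample config and the `atlassian.example` host are constructed for illustration, and the check assumes every entry in the file is an Atlassian Rovo entry.

```python
import json
import re

EXPECTED_URL = "https://mcp.atlassian.com/v1/mcp"  # endpoint documented on this page
# Variables the page lists as required for "apitoken" auth.
APITOKEN_VARS = ("ATLASSIAN_EMAIL", "ATLASSIAN_API_TOKEN", "ATLASSIAN_CLOUD_ID")
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # a whole ${VAR} reference
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD", re.I)  # assumed naming heuristic


def audit_mcp_config(text):
    """Return sorted (server_name, finding) pairs for one MCP client config."""
    doc = json.loads(text)
    # Claude Desktop and Cursor samples use "mcpServers"; VS Code uses "mcp.servers".
    servers = {**doc.get("mcpServers", {}), **doc.get("mcp.servers", {})}
    findings = []
    for name, entry in servers.items():
        env = entry.get("env", {})
        for arg in entry.get("args", []):
            is_url = isinstance(arg, str) and arg.startswith(("http://", "https://"))
            if is_url and arg != EXPECTED_URL:
                findings.append((name, f"unexpected endpoint {arg}"))
        for key, value in env.items():
            if SECRET_NAME.search(key) and not ENV_REF.match(str(value)):
                # Report the key only, so the secret never reaches CI logs.
                findings.append((name, f"{key} is a literal, not a ${{VAR}} reference"))
        if env.get("MCP_REMOTE_AUTH_TYPE") == "apitoken":
            for var in APITOKEN_VARS:
                if var not in env:
                    findings.append((name, f"apitoken auth without {var}"))
    return sorted(findings)


# Constructed sample: one entry as on the page, one with three problems.
SAMPLE = """{"mcpServers": {
  "atlassian-ok": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/mcp-remote", "https://mcp.atlassian.com/v1/mcp"],
    "env": {"MCP_REMOTE_AUTH_TYPE": "apitoken",
            "ATLASSIAN_EMAIL": "${ATLASSIAN_EMAIL}",
            "ATLASSIAN_API_TOKEN": "${ATLASSIAN_API_TOKEN}",
            "ATLASSIAN_CLOUD_ID": "${ATLASSIAN_CLOUD_ID}"}},
  "atlassian-bad": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/mcp-remote", "https://mcp.atlassian.example/v1/mcp"],
    "env": {"MCP_REMOTE_AUTH_TYPE": "apitoken",
            "ATLASSIAN_EMAIL": "dev@example.com",
            "ATLASSIAN_API_TOKEN": "CONSTRUCTED-NOT-A-REAL-TOKEN"}}
}}"""

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE):
        print(f"{server}: {finding}")
```

Run it over `claude_desktop_config.json`, `.cursor/config.json` or `settings.json` in a pre-commit hook and fail the commit when the returned list is non-empty.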