Tempo Ideas


Central Administration of Tempo API Keys and OAuth Access

I am requesting enhanced administrative capabilities in Tempo for Jira Cloud, specifically around visibility and control of API access (both API Keys and OAuth connections). Currently, Jira Cloud Administrators — even with Tempo Administrator permissions — have no centralized way to monitor or revoke user-generated API keys or OAuth tokens issued via 3-legged OAuth (3LO) integration with Tempo APIs.


📌 Problem Statement

  • API Keys: Only the user who created a Tempo API key can view or revoke it. This poses significant security and offboarding risks, especially in large or regulated environments.

  • OAuth 2.0 (3LO): Tokens inherit the full permission set of the authorizing user. There is no admin-level visibility into who has authorized Tempo access, what scopes are granted, or any way to revoke access from the organization level.

  • No audit logging is available to track API key usage or OAuth connections.

  • Admins cannot differentiate whether integrations are active, abandoned, or improperly scoped.


🎯 Use Case

As a Jira Cloud Administrator, I want to:

  1. View a list of all active Tempo API keys issued within the instance.

  2. Revoke any API key created by any user.

  3. View and manage OAuth tokens connected to Tempo, including:

    • Who granted them

    • What scopes are granted

    • When they were last used

  4. Restrict OAuth 2.0 app usage to service accounts or specific user groups.

  5. Enforce scoping policies on API usage (e.g., limit Tempo write access to named users only).

  6. Monitor API access via logs (Tempo API endpoint access per user/token).


🔐 Why This Matters

  • Security: Unrevoked tokens or API keys can persist long after a user has left or changed roles.

  • Compliance: Enterprises need traceability and enforceable security policies.

  • Least Privilege Principle: OAuth tokens should not inherit unintended admin privileges.

  • Auditability: Admins must be able to trace who is accessing Tempo data and how.


📎 Optional: Technical Suggestions

  • Provide an admin-level API or UI page listing all active Tempo API keys with metadata (user, creation date, last use).

  • Extend Atlassian Admin’s Connected Apps to display Tempo 3LO tokens and scopes.

  • Add audit logging endpoints or export options for API access.

  • Allow revocation of all access tokens by admins, not just by individual users.


🧩 Related Products

  • Jira Cloud Admin

  • Tempo Timesheets / Planner / Budgets

  • Atlassian Admin (Organization Level)

  • OAuth 2.0 integrations

  • Forge & Connect App Model

  • Martin König
  • Apr 8 2025
Tempo Products: Tempo Timesheets, Tempo Planner, Tempo Budgets, Cost Tracker for Tempo Timesheets, Tempo Mobile App, Tempo Reports, Tempo Accounts, Tempo Teams, Timesheet Reports & Gadgets (formerly Prime)
Tempo Platform: Cloud