
JIRA REST API performance - OAuth vs HTTP Basic Authentication


Following the doco of the JIRA REST API, OAuth and HTTP Basic are the two recommended authentication methods. We are using HTTP Basic with https, which works well and is safe.

Is there any difference on performance between them?


Solution

  • Excluding initial token negotiation, OAuth is still computationally more expensive than Basic Authentication, given the larger size of the secured payload, and the signing requirements. A non-exhaustive list of extra logic that needs to be carried out:

    • Request parameter normalization
    • Request URI normalization
    • Generate nonce
    • Request signature calculation
    • Reverse entire process on the receiving end

    Compared with Basic Authentication, which requires a very simple hashing in order to calculate the single required header, OAuth is without a doubt a more expensive authentication. But the important thing to realize is that the two authentication mechanisms serve entirely different purposes. Basic Auth is for authenticating a client to a primary application. OAuth is for authorizing a third party to access client data from a primary application. Both have their place, and selecting one over the other should be driven by the particular use case of the implementation.
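
Added example, not part of the original answer or of any JIRA client library: the per-request steps listed above (URI normalization, parameter normalization, nonce, signature) written out for OAuth 1.0 as specified in RFC 5849, next to the single-step Basic header. The function names are hypothetical, and HMAC-SHA1 is assumed so the block runs on the standard library alone; a deployment that signs with RSA-SHA1 would replace only the final signing step.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlsplit, parse_qsl

def pct(s):
    # RFC 5849 section 3.6: percent-encode everything except unreserved characters
    return quote(str(s), safe="-._~")

def basic_header(user, password):
    # RFC 7617: a single Base64 encoding of "user:password"
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def normalize_uri(url):
    # RFC 5849 section 3.4.1.2: lowercase scheme and host, drop default port, query, fragment
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), u.hostname.lower()
    if u.port and u.port != {"http": 80, "https": 443}[scheme]:
        host += f":{u.port}"
    return f"{scheme}://{host}{u.path or '/'}"

def normalize_params(pairs):
    # RFC 5849 section 3.4.1.3.2: encode, sort by name then value, join with "&"
    enc = sorted((pct(k), pct(v)) for k, v in pairs)
    return "&".join(f"{k}={v}" for k, v in enc)

def oauth1_header(method, url, consumer_key, consumer_secret, token, token_secret,
                  nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce or secrets.token_hex(16),   # fresh per request
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Query parameters are signed together with the oauth_* protocol parameters
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    base = "&".join([method.upper(), pct(normalize_uri(url)),
                     pct(normalize_params(query + list(oauth.items())))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return header, base
```

The receiving server rebuilds the same base string from the request it sees, recomputes the signature, and additionally checks the nonce and timestamp for replay, which is the "reverse entire process" item in the list.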