Oh sorry, I wrote it incorrectly.
I store a Jira accountId (not the JWT; I will use the JWT to validate that it is indeed a valid JWT and that it originated from Jira) and the generated apiKey associated with it in our db.
After the window closes, I make a request to our API with a secret accessKey (which is only available for this endpoint) and the Jira accountId, and I retrieve the apiKey and set it as a user property, which will be used for consecutive requests to our endpoints (setting the user property will be done in the Cloud app, so this should not present an issue anymore).
Also, when I retrieve an existing apiKey, I delete the Jira user accountId from our db. (For extra security I can hash the jiraAccountId one way in the db so it's safer.)
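
The one-time retrieval described in the post above, sketched as an added example that is not part of the original post. The function names, the in-memory `Map` standing in for the db, the HMAC pepper used as the one-way hash, and the expiry window are all assumptions made for illustration; JWT verification is assumed to have happened before `storePending` is called.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed demo secrets; in practice both come from a secret store.
const ACCESS_KEY = "demo-access-key"; // hypothetical secret for this one endpoint
const PEPPER = "demo-pepper";         // hypothetical HMAC key for hashing accountIds
const TTL_MS = 5 * 60 * 1000;         // assumed lifetime of an unredeemed record

const pending = new Map();            // stand-in for the db table

// Keyed one-way hash, so the db never holds the raw accountId.
function hashAccountId(accountId) {
  return nodeCrypto.createHmac("sha256", PEPPER).update(accountId).digest("hex");
}

// Constant-time comparison; hashing first gives both sides equal length.
function secretsMatch(a, b) {
  const ha = nodeCrypto.createHash("sha256").update(a).digest();
  const hb = nodeCrypto.createHash("sha256").update(b).digest();
  return nodeCrypto.timingSafeEqual(ha, hb);
}

// Called only after the JWT from Jira has been verified (not shown here).
function storePending(accountId, now = Date.now()) {
  const apiKey = nodeCrypto.randomBytes(32).toString("hex");
  pending.set(hashAccountId(accountId), { apiKey, expiresAt: now + TTL_MS });
  return apiKey;
}

// Hands the apiKey out once, then drops the accountId link; null on failure.
function redeem(presentedAccessKey, accountId, now = Date.now()) {
  if (typeof presentedAccessKey !== "string" ||
      !secretsMatch(presentedAccessKey, ACCESS_KEY)) {
    return null; // wrong accessKey: do not touch the record
  }
  const id = hashAccountId(String(accountId));
  const record = pending.get(id);
  if (!record) return null;
  pending.delete(id); // delete before returning, so a replay finds nothing
  return now <= record.expiresAt ? record.apiKey : null;
}
```

A second `redeem` call for the same accountId returns `null`, which is the behaviour the deletion step in the post is meant to guarantee.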