Action Required: Enforcement of the deprecation of JWT Query Strings as a query string parameter to Atlassian APIs

Hi all,

We previously announced the deprecation of JWT query strings as a means to authenticate to the product REST APIs as a Connect app in August 2021 - Action Required: Deprecating support for passing Connect JWTs as a query string parameter to Atlassian APIs. This was to be enforced on Feb 1, 2022, however the enforcement of this change was not comprehensive and a small number of apps continued to use the existing query string method.

We’re now proceeding with the complete removal of ?jwt= query string support from the Jira and Confluence APIs on Aug 31, 2023. If you currently still utilise JWT query strings, you will be allowlisted to continue until Aug 31, 2023 without any action on your end. After this date, the Atlassian Jira and Confluence APIs will no longer inspect the ?jwt= query string parameter and requests for all apps, and consequently may fail with a HTTP 401 response.

Please utilise the JWT auth header as a means to authenticate as outlined in: Understanding JWT for Connect apps

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.