Addon plugin license detail

Hi Team,

I need you input on license attribute that I want to use for enabling new feature in my atlassian addon(plugin) at markeplace.

Background:
We are planning to integrate 3rd party app with my current jira plugin(addon)

We want to enable this new integrated features to only those users, who have either newly purchased or renewed my app license after my PROD release date(i.e. any specific date, say it July 31st 2023)

Here is the criteria:

  • Valid/active plugin license
  • Newly purchased or renewed after specific date

So, here I’m seeking your inputs on license attribute that I can fetch using api for both jira cloud and jira server plugin version.
As my app is available in marketplace for both jira cloud and jira server.

I need to get either or all of these to consider these as a basis to enable my new features to specific set of users.

  • How to get license purchase or renewal date for both cloud n server plugins(addon)
  • How to get end date for license, I see that for server, not for cloud, so confirming

I have gone through few of atlassian docs but couldn’t get above information related to addon license.

I only get this: License API for cloud apps
Response doesn’t have purchase/renewal date, or end/expiry date for addon license, on both cloud and server.

Please reply, need this information urgently.

Thanks!

Hi @NikhilDiwan,

In Cloud, you could potentially use the in-product licensing API to determine the license entitlementId, and then cross-reference it with data fetched from the Marketplace licensing API which has more details on dates (e.g. maintenanceStartDate and maintenanceEndDate). The latter you’ll need to retrieve using your Marketplace vendor credentials and likely want to cache, which will be a bit of a headache, so I’ll double-check with the Atlassian Connect and Marketplace teams to see if there are any better options for you.

In Server/DC, the PluginLicense interface returned by License API for server apps similarly has dates and some other license details you can hopefully use to derive the info you need.

Cheers,
Tim

1 Like

Hi @tpettersen ,
Thanks for your reply!

For Server:
Approach is clear, as we get endDate in License api response.

For Cloud:
I got the approach, but it’s tedisous. Also, as you said, fetching entire list of licenses, and keeping that in cache, seems an overhead.

Can you please check again, if by just supplying entitlementId, if I can get maintenanceStartDate and maintenanceEndDate from atlassian, instead of fetching the entire list of licensense for my application.

Appreciate your time, and quick response!

Thanks,
Nikhil Diwan

Hi again @NikhilDiwan,

The team just confirmed that there is no in-product API in Cloud you can call to get this information.

However, it turns out that you can pass the entitlement number as the value of the text parameter to https://developer.atlassian.com/platform/marketplace/rest/v2/api-group-reporting/#api-vendors-vendorid-reporting-licenses-get

e.g.:

https://marketplace.atlassian.com/rest/2/vendors/999999/reporting/licenses?hosting=cloud&text=E-3YT-AM1-89H-UD3

This might be a bit more convenient as you could create a read-through cache for individual licenses rather than maintaining a list of your licenses.

cheers,
Tim

I would be careful on how you integrate with the Atlasian Marketplace (it’s not really built to be looking things up in real time) as well as there are security issues (the Access Token would give them access to the full license report).

In your case - I would suggest downloading the report and then identifying the entitlement IDs that should be blocked from receiving the feature - then store that list in your own database. Then have something on a cron that updates the list (note that the marketplace doesn’t update in real time though).

1 Like

I’d imagined @NikhilDiwan was integrating this information into their own app, which likely already has access to sensitive secrets (albeit Marketplace API access would be additional exposure in the case of a breach). I agree that you definitely shouldn’t be sharing a Marketplace API token with a third-party though! Instead you’d need to front that with a service as you suggested.

That’s a good call to warn about issues with Marketplace reliability and data latency. Let me check back with the Marketplace team around targets and actuals for this particular API.

1 Like

@NikhilDiwan I’ve just confirmed with the Marketplace team and as @danielwester surmised there may be a 6+ hour delay on licensing data from that end-point :frowning:

It may not be a complete show-stopper for your plan (indeed, I don’t think there is another way to get the data you require) but it’s something you’ll need to account for in your technical design and messaging to customers. Sorry I don’t have a better answer for you!

Thank you @danielwester for the input!

And yes, as @tpettersen mentioned it correctly, we will be integrating everything inside our app, but yes points noted on keeping things secret and not sharing sensitive data to 3rd party.

Your last solution approach should work for us, that’s what we were looking for. And, we are fine with delay of 6-12hrs, that’s not a show-stopper for us.

Thank you so much @tpettersen for your suggestions, relly appreciate that!

Regards,
Nikhil Diwan

1 Like

Glad to hear it @NikhilDiwan, good luck with the implementation!

If you run into any issues, please don’t hesitate to reach back out.

cheers,
Tim

Edit: actually, even if it all works smoothly would you mind checking back in here to confirm that the proposed solution worked? I imagine there may be other Marketplace Partners who may stumble upon a similar use-case in the future :slight_smile: In the meantime I’ll ensure we get the documentation for the text field on that API updated to indicate that it can be used to query other values as well.

1 Like

Hi @tpettersen ,
Now we have another condition, here is a breif:
For the solution you provided as below:
https://developer.atlassian.com/platform/marketplace/rest/v2/api-group-reporting/#api-vendors-vendorid-reporting-licenses-get
we need to share/save vendor’s credential (username n password) in our code. And this is a confidential information, I do not want to to share this with anyone in Development team.

Do we have any other workaround (though I know you said, there is no other way), but any alternative api that we can use on current cloud instance to know all addon/plugin license details. We just don’t want to use reporting api, as it can cause us confidentiality issue.

Please let me know, if you have any other solution.

Thanks for all help,
Nikhil Diwan