I’m currently developing add-on for Jira, according to official Atlassian tutorial I think about security of my add-on.
My add-on atlassian-connect.json is currently available using ngrok tool, so everyone with link can install this add-on using that url. My goal is to allow add-on installation only with access token generated from Atlassian Marketplace, how should my add-on descriptor file (atlassian-connect.json) upgraded to only allow installation with access token? (I’ve added add-on to Marketplace, but it can be still installed using ngrok link). What is the best solution to allow installation of add-on for several people, when atlassian-connect is accessible public? How should it be done properly? (To be precise, I’m installing add-on on Jira Cloud).
Thanks in advance,