App Key Access in Application JS

What I am trying to achieve is that I want to create a Add-On for Jira to connect with my spring application and consume it’s rest services. But my rest application is a multi-tenant system like jira and i need to figure out which tenant made the service request. For this I have to create a secret key in my spring application that i require the Add-On to provide in each request so that I can connect with the appropriate tenant and access the data.
Is there any way I could use add-on to save some data in JIRA that i can access in the Add-On later on?
This can be in the property descriptor of the Add-On but I need to access this data in the Add-On application.
These are some proposed mechanisms that I am looking forward for :

Both the mechanisms will be followed by exchange to the token in every request to show the specific user’s data from the system.

It’s possible, it’s just not very smooth. You’d set it up as a multiple step process.

You’d basically need to publish an app on the atlassian marketplace - then:

  1. In your spring powered page as the first step - you would have the user to install the Atlassian Connect App
  2. In your spring powered page as the second step - have the end user type in the base url of their instance (ie. my-instance.atlassian.net). Using javascript you then forward the browser to an adminPage and pass in some type of handshake token in the query string.
  3. When the adminPage loads - the Atlassian Connect app can verify that the user is an adminUser of the Jira instance (using conditions - https://developer.atlassian.com/cloud/jira/platform/conditions/ ).
  4. The Atlassian Connect app will receive the handshake token as a query parameter ( https://developer.atlassian.com/cloud/jira/platform/context-parameters/#app-specific-context-parameters ). You can then connect them together.

Hope this helps.

1 Like

Hi Daniel,
This is really helpful.
Well this is actually like a two way authentication system that you have proposed.
I was hoping to skip all of this by just specifying a shared key in the app descriptor of the Plug-In.
Is there any way it is possible that I can specify a shared key in the app descriptor and this key can be included in all of the requests the application makes to my spring application?
All of this will prevent the user from the hassle of configuring the plugin when installed.

Thanks for you support daniel. I really appreciate you spending your precious time for me.

Not really. The descriptor is static so you can’t put in any tenant specific information in it. :frowning: