Authentication on Add-On backend endpoints

Hello, I have a conceptual doubt regarding with securing internal endpoints of an add-on.
I read Authentication for apps (, but I believe the explanation there are valid only for requests from the Addon to Atlassian and vice versa, but what happened with the addon and its own internal services?
Should I use the same JWT or can I go with any validation strategy?
Is it there a recommended way?

1 Like

Hi @Michael_Soza ,

I think you linked to a Bitbucket Cloud article. Here are some relevant Jira Cloud articles:


Hi @dmorrow, thanks for pointing that out. Nonetheless the questions remains the same.
Do you know if the validation of JWT token mentioned there only applies for communication between Addon - Atlassian and vice versa and what happened with internal services (AddOn - backend servers for example) is up to the developers?