Blocking application access to frontend Forms APIs

Hi,

In today’s Developer Change Log , you’ve announced that

ANNOUNCEMENT Blocking application access to frontend Forms APIs

On or after 2 August 2024, we’ll be discontinuing and blocking app access to our frontend Forms (previously ProForma) APIs in Jira Service Management Cloud.

To ensure uninterrupted service, we recommend transitioning any custom scripts and/or webhook Jira Automation rules that rely on API_TOKEN to access Forms to the Forms REST API. This will allow you to continue accessing this data, as well as maintaining long-term compatibility and support.

Am I reading it correctly that you’re dropping Basic Auth from the Forms API?

We recognize that removing Basic Auth from the API is a great improvement from a security standpoint but we believe the current timeframe for removing Basic Authentication is too short.

We’re requesting an extension of the timeframe for the removal. This additional time will allow us to:

• Thoroughly develop and test the new authentication method
• Raise possible concerns, limitations or blockers to Atlassian
• Reduce the risk of customer impact

Generally the deprecation notice is 6 months, but it may be that we’ve missed the earlier communications on this one. Please point us to the right resource if that’s the case.

Janette
Refined

@janette,

No, I don’t think that’s what it’s trying to explain. Unless your app is using something other than the REST API. Basic auth via API tokens will remain for REST APIs.

Can you confirm you are using the documented REST API? Or were you referring to an undocumented API?

Thank you for the quick response! Me and my colleagues just interpreted the message differently.

I am still not sure what exactly is being deprecated here, some undocumented APIs?

@janette,

Yes, an undocumented API. Normally, we don’t provide a change log entry but I’d guess the team can see some requests coming through from the HTTP logs and are being extra careful.