Cloud JIRA App - JWT Token not passed in each outgoing request from App

Hi,

I am creating an app in JIRA Cloud with the help of reactjs and atlaskit… and want to pass the JWT token in each of my ajax requests… As per the documentation, the JWT is always attached to all outgoing requests from the inner iframe… Somehow it’s only working on the main loading page… if my router changes internally to navigate to a different component… the jwt is not passed in each request.

After some research I found we can get the token using the javascript API getContext… and got the token… so I will get a fresh token every time and set the token before sending the ajax request… However, this token also expires after some time.

Is there any possible way to pass the JWT in each AJAX request without the token expiring…

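import axios from 'axios';

const axiosInstance = axios.create({
  baseURL: "<BASE_URL>",
  headers: {}
});

// Wrap the callback-style AP.context.getToken() in a Promise
const getToken = () =>
  new Promise(resolve => window.AP.context.getToken(token => resolve(token)));

// Fetch a token and set it as the 'jwt' header before sending the request
// (endpoint, params and config come from the calling code)
let token = await getToken();
axiosInstance.defaults.headers.common['jwt'] = token;
const response = await axiosInstance.post(endpoint, params, config);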

Thanks,
Umang

The thing is… JWT tokens are meant to expire. That is an integral part of why it is considered a somewhat secure method for authenticating requests between systems. Given that the host product does the authentication for you, you will need to know for sure the user is still actually authenticated in your backend system. You do this by always asking for a new token upon each request to your own API, giving the host product the ability to determine if the user is still properly authenticated.

What would be the reason for not wanting to call AP.context.getToken() for each request?

1 Like

There are ways to make it easier to implement this. For instance, Axios allows you to add a global transformRequest method or axios.interceptors.request handler which can manipulate the headers of each request made to your backend. This is a perfect location to do AP.context.getToken().

Additionally, if you make a lot of requests, you could also store the JWT in a local variable and only invoke AP.context.getToken() once it is expired. You can even use caching mechanisms like store with expire plugin and a lazy loading mechanism which does the heavy lifting for you.

2 Likes
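The interceptor and caching approach described in the reply above, as an added example that is not part of the original thread. The function names are hypothetical, the `jwt` header name is taken from the question's code, and the sketch assumes the token carries a numeric `exp` claim and that a 30 second refresh margin is acceptable.

```javascript
// Added example; jwtExpiry, createTokenProvider and attachJwt are hypothetical names.

// Read the `exp` claim (seconds since epoch) without verifying the token.
// Only used to decide when to refresh; the backend still validates the JWT.
function jwtExpiry(token) {
  const payload = String(token).split('.')[1];
  if (!payload) return 0;
  try {
    const json = atob(payload.replace(/-/g, '+').replace(/_/g, '/'));
    const exp = JSON.parse(json).exp;
    return typeof exp === 'number' ? exp : 0;
  } catch (e) {
    return 0; // unreadable payload: treat as expired so a fresh token is fetched
  }
}

// fetchToken: () => Promise<string>. Returns a getter that reuses the cached
// token until it is within skewSeconds of expiry.
function createTokenProvider(fetchToken, skewSeconds = 30, now = () => Date.now() / 1000) {
  let cached = null;   // { token, exp }
  let inflight = null; // shared promise: parallel requests trigger a single fetch
  return function getToken() {
    if (cached && cached.exp - skewSeconds > now()) {
      return Promise.resolve(cached.token);
    }
    if (!inflight) {
      inflight = fetchToken()
        .then(token => {
          cached = { token, exp: jwtExpiry(token) };
          return token;
        })
        .finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// Register a request interceptor that sets the header used in the question.
function attachJwt(axiosInstance, getToken) {
  axiosInstance.interceptors.request.use(async config => {
    config.headers = config.headers || {};
    config.headers['jwt'] = await getToken();
    return config;
  });
}

// Wiring inside the Connect iframe (AP and axiosInstance as in the question):
// const fetchToken = () => new Promise(resolve => window.AP.context.getToken(resolve));
// attachJwt(axiosInstance, createTokenProvider(fetchToken));
```
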

Because JIRA automatically sends the jwt in all my requests as part of the Referer. This is working only when my main index component is loaded… when I navigate in the application it stops sending the referer in my ajax requests, so I have to get the jwt token every time.

Anyway, I will definitely try with axios.interceptors to set the jwt.

Yes, that makes sense. The request originates from the iframe and the iframe source will have the token. However, once you start interacting with your components, you are actually in the space of your own application and not Jira. So the request will now originate from your app. There is no interaction with Jira anymore. To some extent, relying on the referrer in this case is not recommended. You should really add logic to provide the token yourself as this is part of your app's responsibility.

1 Like