We are currently working on integration our application with JIRA. We want to offer our customers to create issue/comment on issue directly from our application.
As we’d like to deliver the functionality fast, we come up with this solution (note our customers might be using both cloud and server JIRA).
- we ask our customer to setup new user in JIRA which can access all required projects and have permission to create/comment on issues
- customer will provide us with the newly setup user credentials (username & password)
- we securely store those credentials
- anytime customer will want to create issue/comment directly from our app
- we list the projects dedicated JIRA user can access
- customer selects project and then he can either create new issue or comment on existing
- if he decided to comment on existing issue we allow to filter for issue by issue status/issue-number and display list of available issues with their titles
- all of those REST API calls will be using Basic Authentication with stored credentials
By letting customers to setup the JIRA user themselves this should ensure user will have correct permissions and customer can control which parts of JIRA can we access on their behalf.
We tested prototype with cloud JIRA so we know the concept can work. But since it is our first work with JIRA api, is there something what we are doing wrong and there is better solution available to us?