I’m working on a new feature to our Whiteboards for Confluence app. We want to allow users to work on their Jira issues inside our Confluence app. Just like you can add an issue link to confluence page, you would be able to do that on a whiteboard inside Connie.
I was investigating all available options on how this can be achieved, taking into account various aspects: security, end user experience, maintainability for admin, implementation complexity, robustness etc.
The options I considered: 3LO app, proxy via our backend, API token, regular application link.
Each of them is flawed in some way, so I started looking beyond options that are currently available.
That’s how I ended up looking at Application Links proxy REST endpoint:
This URL should work for you(assuming you have account on EAN): http://ecosystem.atlassian.net/wiki/plugins/servlet/applinks/proxy?appId=6fbab7f2-146c-3d9e-bb2b-56e47a166735&path=/rest/api/3/myself
As a result there is an answer from Jira.
This seems to be the best solution, because:
- it’s completely seamless for end user
- security included (user impersonification)
- implementation and maintenance cost is super low
Currently this REST endpoint will fail with a 403 error if executed from Connect app iframe(or backend). The access is deliberately blocked for Connect apps, in particular the server is checking for
ap-client-key HTTP header.
I would also not able to retrieve the appId value.
The problem of cross product apps is not new, several app vendors are struggling with it, delivering subpar experience for end users in the process.
I wonder if this could be a solution to this issue? The suggestion is to enable Connect apps to use this rest endpoint. Additional SCOPE could make sense as well.