Cross product requests via Application links proxy

Hello!

I’m working on a new feature to our Whiteboards for Confluence app. We want to allow users to work on their Jira issues inside our Confluence app. Just like you can add an issue link to confluence page, you would be able to do that on a whiteboard inside Connie.

I was investigating all available options on how this can be achieved, taking into account various aspects: security, end user experience, maintainability for admin, implementation complexity, robustness etc.
The options I considered: 3LO app, proxy via our backend, API token, regular application link.

Each of them is flawed in some way, so I started looking beyond options that are currently available.

That’s how I ended up looking at Application Links proxy REST endpoint:
/wiki/plugins/servlet/applinks/proxy?appId=$APPID&path=$PATH
This URL should work for you(assuming you have account on EAN): http://ecosystem.atlassian.net/wiki/plugins/servlet/applinks/proxy?appId=6fbab7f2-146c-3d9e-bb2b-56e47a166735&path=/rest/api/3/myself
As a result there is an answer from Jira.

This seems to be the best solution, because:

  • it’s completely seamless for end user
  • security included (user impersonification)
  • implementation and maintenance cost is super low

Currently this REST endpoint will fail with a 403 error if executed from Connect app iframe(or backend). The access is deliberately blocked for Connect apps, in particular the server is checking for ap-client-key HTTP header.
I would also not able to retrieve the appId value.

The problem of cross product apps is not new, several app vendors are struggling with it, delivering subpar experience for end users in the process.

I wonder if this could be a solution to this issue? The suggestion is to enable Connect apps to use this rest endpoint. Additional SCOPE could make sense as well.

13 Likes

We have tons of requests to integrate our reports from Jira in Confluence. Would love to have a seamless way without adding extra Confluence app like it’s done by eazyBI.

Even if you have to have 2 Apps the installation process can be improved for Jira and Confluence. We do Jira to Bitbucket, and Bitbucket allows App installs to be triggered from a button we place in the Jira App. We can even pass a token as part of the installation request so we know it’s source

We use the same proxy solution for Jira/Confluence Server, and it was great to find that because we could easily reuse most things we had working in Jira inside Confluence. Would be great to have this proxy strategy working for Cloud/Connect too!

2 Likes

This is not my case (migration), but it highlights how obviously the user experience will suffer after migration from Server to Cloud. (mentioning @kderenda here :slight_smile:)