Hello,
I am developing an app that needs integration with JIRA’s REST API. We would like to post the app on the Atlassian marketplace to avoid having users enable developer mode.
The issue we are running into is that our customers are all in different JIRA environments and having a singular base_url set in our atlassian-connect.json config file for the application raises security concerns due to the responses from the API all routing through a singular point (the static base_url set upon installation).
Is there a way for us to dynamically set the base_url after installation so that there is not a single point of contact for all who install the application?
If this is not possible, is there a widely accepted way of handling this issue of consumers of the application not wanting all of their data to be routed by a singular url?
Hi @kennybean. Welcome to the developer community.
The baseUrl is intended to point to your app’s backend. For starters, this is where lifecycle events are sent when an app is installed, which is how your app will discern between the different installations across different customer instances.
Cloud apps on the Connect framework are intended to be built with a multi-tenancy architecture, where you’d have your single instance of your app serve multiple customers (tenants). This is generally accepted by customers, with the expectation (and requirement) that you’ll securely handle and save the data for each tenant in isolation. See: Multitenancy
If you’re still in the planning/exploration stage, you may want to consider using the Forge platform. There’s no app hosting required (it’s serverless, running in Atlassian’s cloud), multi-tenancy is intrinsic, and it’s very easy to get started. Making API calls to Jira is a snap, too.
Alright so if this is the case and it is okay for us to use the single baseURL, my second question is, how do we allow users to apply their own filters to what is received by our JIRA connect app?
My ideal state is that the user’s JIRA instance only outputs information enabled by the user.
An example may be that a user has multiple projects in their JIRA instance but only wants the project named “TestProject” to have information sent to the app (say when a user creates an issue under the “TestProject”). I understand that we can filter this once we receive the message from the JIRA API, but is there a way for the user themselves, after installation, to apply a filter so that the only information sent to the app is info that pertains to a specific project?
Right now from what I am reading, I can set a “filters” key in the atlassian-connect config file but I want the users of the application to be able to set the filter that they want.
@kennybean Are you referring to using JQL-based filtering in webhooks? In your example of allowing an end-user to choose which project(s) your app would process data for, you should consider designing your app to store those preferences elsewhere (not storing these in the descriptor).
For example, you would have your app subscribe to the relevant events you’d like to action on (ex: jira:issue_created, jira:issue_updated), and when the event fires and your app receives the data, at that time, your app can decide as to whether or not anything needs to be processed based on the users’ preferences.
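The receive-then-filter approach described in the reply above, as an added example that is not part of the original thread or Atlassian's own code: per-tenant project preferences are kept in the app's store and checked when an event arrives. The `tenantId` value, the in-memory store and all function names are hypothetical, and the sketch assumes the request has already been authenticated so that `tenantId` comes from the verified request rather than from the webhook body.

```javascript
// Added example: per-tenant webhook filtering. All names here are hypothetical.
// Preferences live in the app's own store, keyed by tenant, not in the descriptor.
const SUBSCRIBED_EVENTS = new Set(["jira:issue_created", "jira:issue_updated"]);

// tenantId -> Set of project names that tenant enabled (constructed sample data;
// a real app would use a database with the same per-tenant keying).
const preferences = new Map([
  ["tenant-a", new Set(["TestProject"])],
  ["tenant-b", new Set(["Billing", "Support"])],
]);

// Called from the app's settings page after installation.
function setEnabledProjects(tenantId, projectNames) {
  preferences.set(tenantId, new Set(projectNames));
}

// tenantId must come from the authenticated request context, never from the
// payload, so one tenant cannot select another tenant's preferences.
function shouldProcess(tenantId, payload) {
  if (!payload || !SUBSCRIBED_EVENTS.has(payload.webhookEvent)) return false;
  const enabled = preferences.get(tenantId);
  if (!enabled) return false; // unknown tenant or nothing configured: drop
  const project = payload.issue?.fields?.project?.name;
  return typeof project === "string" && enabled.has(project);
}

// Returns only the fields the app needs, or null when the event is dropped,
// so data from projects the tenant did not enable is never stored.
function handleWebhook(tenantId, payload) {
  if (!shouldProcess(tenantId, payload)) return null;
  return {
    tenantId,
    event: payload.webhookEvent,
    issueKey: payload.issue.key,
    project: payload.issue.fields.project.name,
  };
}

// Builds a constructed payload with the fields this example reads.
function sampleEvent(webhookEvent, projectName, issueKey) {
  return { webhookEvent, issue: { key: issueKey, fields: { project: { name: projectName } } } };
}

console.log(handleWebhook("tenant-a", sampleEvent("jira:issue_created", "TestProject", "TP-1")));
console.log(handleWebhook("tenant-a", sampleEvent("jira:issue_created", "Other", "OT-7")));
```

The default is to drop: a tenant with no saved preferences, an unsubscribed event type, or a payload without a project name produces no record.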