Email address is a user profile field managed by Atlassian Account. By default this field will be hidden from our public cloud REST APIs and no longer generally accessible to apps.
Apps may receive access to email address in the following ways:
- Individuals have unhidden their email address from public.
- Apps have received explicit consent from individuals through a 3LO consent flow.
- Apps using admin installation and consent flows (i.e. an admin has installed and consented on behalf of end users) have been approved to access the email API.
Keep in mind, the access to email address offered under #s 1 and 2 above can change based on user action. Individuals may choose to hide their email address at any time by changing their profile visibility settings. They may also choose to revoke consent previously given to an app to access to their personal account details via a 3LO flow. By contrast, apps using the Email API will have access to email address for all users across an instance as long as the app is actively installed. This access will not be affected by user opt-outs or changes in profile visibility settings.
The Email API is a public API (it will be documented like any other API we provide and officially supported by Atlassian), however only apps that have been approved and whitelisted will be able to use the API to retrieve email addresses.
In order to apply for access to this API the app must meet all current requirements for being listed on Atlassian Marketplace (even if the app is not listed on Atlassian Marketplace).
This means:
- The app developer has provided a privacy policy
- The app developer has provided a customer terms of use agreement
- The app developer must signal whether or not the app collects and stores personal data.
If the app is storing personal data the app must report the accountIDs that have been collected and stored every 15 days. Read more on the personal data reporting API.
How to request access to the Email API
If you would like to request access, raise a ticket with our Marketplace Support team.
In your request you must provide:
- Company name
- App name
- App ID (aka app key or add-on key)
- Link to your app listing on Atlassian Marketplace OR URL to your privacy policy, customer terms of use, and an indication of whether or not your app stores personal data.
- A description of the functionality provided by the app which requires email address (aka your use case).
- The language from your privacy policy which describes how you process email address
Valid Use Cases
The following use cases will be considered for approval:
| How email address is processed | Functionality provided |
|---|---|
| Send transactional emails | Send error reports |
| Send security alerts | |
| Allow users to subscribe to alerts / news feeds | |
| Allow users to invite other users to collaborate | |
| Account Linking | Connect a mail service for inbound / outbound mail processing |
| Sync users with another system |
You may select multiple use cases. If one of the use cases youâd like to get approved is not in the above list, please include details about your use case in your ticket.
Use cases which will not be approved
| How email address is processed | Use Case |
|---|---|
| Send transactional emails | Inviting users to company events |
| Send newsletters, campaigns, or other marketing emails | |
| Send materials to facilitate end user onboarding | |
| Send subscription / renewal reminders |
The approval process:
Certain use cases are auto-approved pending completion of the request form. Other use cases will need to be reviewed further. Upon approval, we will notify you that youâve been added to a whitelist and can begin using the Email API to receive email addresses for your approved use case.
We will also update your app listing on Atlassian Marketplace to inform our customers that your app has been approved to access email address despite profile visibility control settings. Upon install, your app will display a new scope associated with this API.
On appropriate use of the Email API
If you are using the Email API to receive access to email address you should only be using it to provide the functionality described in your request. Should you decide to build additional features / functionality which require email address you will need to update us by either raising a new request or updating your existing request.
You may not use email address in the UI. Email address is hidden by default which means displaying email address in the UI could leak private personal data to other users in that system.
Additionally, you may not share email addresses with any other third parties (including other apps) unless required to provide the service to the end user.
By accessing the Email API you also agree to our Atlassian Developer Terms andAtlassian Marketplace Vendor Agreement, which reserves Atlassian the right to conduct audits at any time to confirm your compliance with these Guidelines and any related procedures. We also reserve the right to remove your app at any time from the Email API whitelist which will prevent your app from receiving further access to email address, and if necessary, to de-list your app from Atlassian Marketplace.