Guidelines for requesting access to email address

@ademoss - Actually yes, there was some talk of a notification service - I think I mentioned it during App Week Amsterdam 2018. We decided to go this route first for two reasons: enabling account linking use cases (e.g. connect Jira to Outlook, etc.) and the second is that Jira and Confluence are in the process of revamping their notification systems which we believe needs to be built first. This topic is still on our backlog though.


I have a question regarding the quoted text below I read in the new vendor agreement:

© End User Communication. You may use End User Data to communicate directly with end users, provided that such communication is: (i) with technical and billing contacts, (ii) required under applicable law, or (iii) consented to or requested by the end user. In all cases, you will ensure that any communication with end users is conducted in accordance with all applicable laws (including obtaining all required end user consents). Notwithstanding the foregoing, you shall not send marketing messages to end users within any product experience integrated with Atlassian products without the explicit written consent of Atlassian.

Would this imply that we always have access to the email of the technical/billing contact in lifecycle calls or through the API in order to communicate directly with these end users?

1 Like

@f.demir - No. We have separate mechanisms for each.

To get contact information for Billing and Technical contacts you can use the Sales Report API (separate from product APIs) provided through Atlassian Marketplace.

To get access to end user emails you can either build a 3LO app in which you would gain consent from the end user on install or you could request access to the Email API described on this page.


If I’m developing an application on a Cloud instance for internal-use by employees (i.e. not distributed on the marketplace), will I still need to submit a request for an exception? The company is globally distributed, but the application is not using the data for anything other than linking user profiles.

Hi @david.gunter - yes. We need to add your app to an internal whitelist. Otherwise the API will not work.

@akassab - I see in the weekly update that the Email API is ready.

Can you point me/us to the documentation for that API?

Here I believe:


This is fine for ID to email address. What about the other way around? Say you have been given an email address - how would you query Jira to get an account ID for that address (if one exists)?


How, in the context of GDPR and the Email API, the following REST endpoint works:

  • Does it still work? Can we still use it?
  • It used to accept usernames (at least example suggests it). Has it been changed to accept Atlassian account ID?

It is either not GDPR ready or documentation was not updated.

Another question: are there any plans to let apps post notifications to the new Jira notification area? Is there any issue that we can watch and vote? I wasn’t able to find any. Our customers ask for that.


1 Like

Is access to the Email API available restricted to Apps, or could requests outside an App also be given access? Also, is there public documentation on the whitelisting mechanism?


@MichaelNelson - The restricted email API is only available to apps. Direct REST calls or functionality provided through scripts, etc. using API tokens are not. The whitelisting mechanism is and will not be documented. The process for getting whitelisted is covered above and also available here:

Thank you for clarifying this, Alexandra.


@akassab I have a request open since 25th of July, could someone finally take a look -

Thank you for the guidelines. Could somebody explain me, can I request access to the Email API for a simple 3LO app created via if the app itself is private and still is in “In development” status?

@DmitryBogomolov no 3LO apps can’t have access to the email API. Access requires at Atlassian Connect app key. 3LO apps should not need it as they will receive non-public PD for the users who grant access.

1 Like

I’m guessing that this also means that existing customers will have to manually approve the upgrade to newer versions (with extended scope) in “Manage apps” tab?

1 Like

I raised a Request access to the Email API ticket in DEVHELP a week ago. There’s been no follow-up from Atlassian yet. I think my ticket might have been lost due to refactoring DEVHELP. Could you suggest who to contact to check that?

1 Like

How quickly can I expect my ticket to be reviewed?
It has been a few days now with no updates.


1 Like

@akassab Might be worthwhile to reference this info in the documentation here:

@akassab How long it usually takes for the app from being approved to being included in whitelist so API can be used? I got my application approved month ago (24th of March), but still I cannot use the API