How does the Personal Data reporting API work? Authentication? Who calls it?

Hi All,

We store users’ email and phone numbers in our persistence storage historically and are in process of implementing the Personal Data Reporting API(

I don’t fully understand reading the above mentioned doc how exactly this API work,

does this API need to be invoked somewhere in app code? Should we have a job which runs this API in every 15 days - if yes, how does that job authenticate to invoke that API?

From an invocation perspective, I understand that its a POST API which expects us to provide a list of accountIds whose personal data we are storing.

Please if someone can elaborate what is the expectation here. How does the personal data reporting flow supposed to work? Apps calling this API every 15 days inside app code where JWT is obtained or if any other vendor has already done the implementation.

I’m pretty new to Atlassian-connect and really don’t have a lot of idea as to how this API needs to work. Excuse my naiveness.


Thanks for your question.

You will need to call this API in the context of your App, using JWTs to authenticate.

The natural approach would be to call the reporting API in the context of each site into which your app is installed and report on the users in those sites. This would make sense if your userbases are site based.

The reporting API will, however, allow you to report on valid accountIds for accounts outside the site through which the report is made. If you have a global userbase then it is possible to report on all the accountIds for which you have stored information across all sites.

I hope that helps. Please let me know if you need more information.


Hi - having issues implementing auth on this API with Connect, as detailed here Personal data reporting API returning 401 (Connect + JWT)
Any insights on what may be the cause ?