How to authenticate a request to an external service?

Hi.

I’m making a feature which would require my server plugin to communicate with an external service (which is also a project of mine, so I have control over it). Think of that service like a part of plugin functionality that I want to host myself for certain reasons.

What would be the best way to facilitate authentication between the plugin installed on a specific Jira Server instance and an instance of the external service?

So, for example, a user installed my plugin on his/her Jira instance. I want my plugin to be able to send a request to my service, which in turn should be able to determine that the request in fact comes from the plugin and is tied to a specific Jira instance. Then the service should send a response. Ideally the whole process should not require user action: no registration process, no key/license generation for the external service. The user just installs the plugin and it works out of the box.

Do you have any ideas? Does the whole thing make sense to you? Is it even a valid idea?

Just throwing some ideas:

  1. You could verify the request came from the correct Jira instance
  2. Use some kind of public/private key mechanism if you don’t have user registration and such

Thank you for the response.

I’ve also thought of using a public/private key pair to secure the communication, but how do I verify the Jira instance? The thing is that the plugin will, at least initially, be free to use, so there is no license associated with it (at least that I’m aware of). So even if I send, for example, the SID and base URL of the instance, I have no way of verifying it on the side of the external service, because without registration there is no record of it.

If the plugin had a license associated with it, I could probably do something like sending it over to the service, which would in turn send a request to my Atlassian Marketplace / Vendor account to check if such license exists.
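
Added example, not part of the thread: a sketch of the public/private key idea suggested above, with the service pinning the first key it sees for an instance identifier (trust on first use). It is written in Node.js on the assumption that the external service can run it, and every name (`createInstanceIdentity`, `signRequest`, `InstanceRegistry`, `serverId`) and sample value is hypothetical.

```javascript
const { generateKeyPairSync, sign, verify, createPublicKey, randomBytes } = require('node:crypto');

// Plugin side (hypothetical): generate one Ed25519 key pair per Jira instance at install time.
function createInstanceIdentity(serverId) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { serverId, privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// The signature covers instance id, timestamp, nonce and body; changing any of them invalidates it.
const canonical = (r) => Buffer.from([r.serverId, r.timestamp, r.nonce, r.body].join('\n'));

function signRequest(identity, body, timestamp = Date.now()) {
  const req = { serverId: identity.serverId, publicKeyPem: identity.publicKeyPem,
                timestamp, nonce: randomBytes(16).toString('hex'), body };
  req.signature = sign(null, canonical(req), identity.privateKey).toString('base64');
  return req;
}

// Service side: pins the first key seen for a serverId (trust on first use).
class InstanceRegistry {
  constructor(maxSkewMs = 5 * 60 * 1000) {
    this.pinnedKeys = new Map();   // serverId -> public key PEM
    this.seenNonces = new Set();   // a real service would expire these after maxSkewMs
    this.maxSkewMs = maxSkewMs;
  }

  verify(req, now = Date.now()) {
    if (Math.abs(now - req.timestamp) > this.maxSkewMs) return 'rejected: stale';
    const nonceKey = `${req.serverId}:${req.nonce}`;
    if (this.seenNonces.has(nonceKey)) return 'rejected: replay';
    const pinned = this.pinnedKeys.get(req.serverId);
    if (pinned && pinned !== req.publicKeyPem) return 'rejected: key mismatch';
    let ok = false;
    try {
      ok = verify(null, canonical(req), createPublicKey(req.publicKeyPem),
                  Buffer.from(req.signature, 'base64'));
    } catch { ok = false; }        // malformed key or signature
    if (!ok) return 'rejected: bad signature';
    this.seenNonces.add(nonceKey);
    if (pinned) return 'accepted';
    // First contact: nothing proves this serverId is a genuine Jira instance, only that
    // later requests under it come from the holder of the same private key.
    this.pinnedKeys.set(req.serverId, req.publicKeyPem);
    return 'accepted: first use, key pinned';
  }
}
```

The pinning gives continuity for an identifier after first contact; it does not answer whether the identifier belongs to a real Jira instance, which still needs an out-of-band check such as the license lookup mentioned above.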