How to build a Jira Server plug-in that allows API access from a third-party?

Jellyfish · June 24, 2019, 3:36pm

We have the desire to build a Jira Server plug-in that would allow access to the REST API from a third-party. We’d like to make this plug-in available in the Atlassian Marketplace.

This seems straightforward for Jira Cloud – we can build an Atlassian Connect app using an application descriptor that allows for read access, and the connected app will be authorized to make calls to the Jira Cloud REST API.

It doesn’t seem that the Jira Server plug-in integration architecture is designed for such a capability though. If we want to make calls to the REST API from a third-party system, we need to do so using a user’s account credentials.

What would be the best way to integrate Jira Server with a third-party system that wants to call Jira Server’s REST API? Is setting up a user in the Jira Server instance and having the third-party system authenticate to the REST API using that user’s credentials the only option?

Thanks,
Matt

sven.schatter · June 24, 2019, 4:15pm

Sounds like you want to use @AllowAnonymous on your REST API.

Be aware though that you need to do your own kind of permission/auth checks as everybody without authentication can access your API then.

Jellyfish · June 25, 2019, 6:09pm

Thanks for your response. To clarify, what I’m really after is the ability to authenticate to the Rest API for Jira Server using a JWT token, the way we can to Jira Cloud from an Atlassian Connect app.

Others have asked for this too:

And there’s an outstanding feature request:
https://jira.atlassian.com/browse/JRASERVER-67869?_ga=2.228982684.1436601921.1561379887-1382453142.1525970676

RomaBubyakin · October 24, 2019, 10:57pm

Hello,
I have created the plugin for this missed functionality,
API Tokens for Jira

Hope it will help you,
Roman