How to implement JWT authorization in addon REST Spring Atlassian Connect API?


I created plugin using

mvn archetype:generate -DarchetypeGroupId=com.atlassian.connect -DarchetypeArtifactId=atlassian-connect-spring-boot-archetype -DarchetypeVersion=1.5.1


     "scopes": [
    "read", "write"
  "authentication": {
    "type": "jwt"
  "lifecycle": {
    "installed": "/installed",
    "uninstalled": "/uninstalled"
  "enableLicensing": false,
  "modules": {
    "generalPages": [

        "key": "comments",
        "location": "",
        "name": {
          "value": "Comments"
        "url": "/rest/api",
        "conditions": [{
          "condition": "user_is_logged_in"

I am trying to access my API

                 		url: "",
                 		type: "GET",
                 		dataType: "json",
                 		contentType: "application/json",
                 		async: false, headers: {
        'Authorization' : "JWT {{sessionToken}}"
                 		success: function (data) {
                 		error: function(response) {

  1. How to get jwt on JS side (it is better to describe simple plugin step by step, if u could (I checked many links with examples, but…))?
  2. What is valid path to place my x-addon.js with all small logic?
    I know all ways for server development, but not for cloud.
  3. Does expired license affects this? Is it possible to get free license without buying it or without buying addons? It is normal to buy, but not for casem when development is unclear and support gives no response. Will buy it later.

special thx, if u write me to skype dn230687kav, I will repost answer here.

@arthurdnu, see answers below.

  1. See my answer to your other post How to authenticate into external server (addon REST API)? (Please don’t double-post.)
  2. Please see the Spring Boot documentation, e.g. Serving Static Web Content with Spring Boot and Spring Boot Reference Guide: 28.1.5 Static Content.
  3. Please see Getting started Jira Cloud: Set up your development environment.

Thx very much! That is not duplication, I did not noticed autoconfigured jwt before that, but now I tried it.