I’m venturing forth into the world of Apache JMeter, to stress-test my JIRA Cloud add-on. First major challenge is in simulating calls from the Atlassian host application to my add-on, with all that JWT stuff.
Have you tried testing your add-on with JMeter? How did it go? Any pitfalls to look out for?
Make sure that you don’t hit any end points that make call outs to the Atlassian products. 
When we do our load testing we disable the time validation of the jwt token so the rest of the calculation is done.
Oh, yes, very good point. That’s more motivation to push functionality down into the browser too.
I’ve written a plugin function for JMeter that creates a JWT like JIRA would. So far that appears to be a good approach.