Is an Application Link required for automated REST calls?

I’m working on a small integration with Jira issues. I have a Connect App that renders some entity properties in the right panel. The data it renders will be provided by an automated external process (no user interaction). Ideally, the user would only have to install the Connect App for all of this to work.

So far, I haven’t been able to find any documented pattern to achieve this.

The best I’ve come up with: The Connect App is supplemented with an Application Link. The automated process I referred to earlier uses the Application Link (OAuth) to securely access the REST API.

What I don’t like about this approach is that it requires the user to install an App and configure an Application Link, making for a pretty involved process.

Does anybody know of better options?

1 Like

It sounds like there are three services involved here:

  1. “Automated External Process”
  2. Your Connect App
  3. Jira Cloud

Why can’t you make the Automated External Process post data to the Connect App that will, in turn, forward that data to Jira? Your Connect App and Jira already have Authentication and Authorization mechanisms so you will need to build your own custom one between Automated External Process and “Your Connect App”.

As a question: is this a Connect App that you hope to put on the Atlassian Marketplace or is this a one-off App for your own custom use cases?

Thanks for your advice.

Your Connect App and Jira already have Authentication and Authorization mechanisms so you will need to build your own custom one between Automated External Process and “Your Connect App”.

If a user installs the Connect App, ACE emits an event host_settings_saved which contains a “client key” that may be used to authenticate outside of a request context. In this scenario, how does the external process know which “client key” to use when calling into the Connect App?

There is no way for the external process to know which host settings are owned by a given external account. The host settings appear to be identified by base URL. If the external process allowed users to configure the integration by base URL, there would be nothing to prevent one user from providing another’s base URL and accessing their data, provided both users installed the Connect App.

The external process (app) needs to somehow securely relate its own accounts to the Jira accounts that install the Connect App. The same will go for a Server App if we get that far. I mentioned Application Links because they appeared to provide a way for users to securely create an OAuth grant for the external process, and that way would be portable between Cloud and Server apps.

As a question: is this a Connect App that you hope to put on the Atlassian Marketplace or is this a one-off App for your own custom use cases?

This is a Connect App that we hope to upload to the Marketplace, providing basic integration between our product and Jira.

If you need to relate external to Atlassian users to Atlassian accounts (instead of one app to another) then you want the 3LO auth flow: https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/

1 Like