We are basically trying to build an integration between Jira (Cloud) and 3rd party software. Our use case is that the different 3rd party systems require access to data in Jira, for different projects. This needs to be highly automated, and not require any knowledge of (or even direct access to) Jira.
As far as I can tell there are 3 ways that I can obtain access to data in Jira:
-
Atlassian Connect, designed for people who work in JIRA (not suitable for this use case).
-
OAuth 2.0, which is user oriented, rather than “organization” oriented, which requires interaction, and require duplicated data, as this is already handled by our IAM software.
-
Basic Authentication, which would technically work for our use case, at the low cost of introducing an attack vector. Which could be mitigated by restricting access to this, with for instance IP filtering, which does not seem to be an option sadly.
Neither of these approaches really work that well, Is there something I’m missing, or should I just go with basic authentication?
Kind Regards,
Mikkel Løkke