Hi developer community,
We announced a change on 8 Feb, 2025: Jira and Confluence Cloud API’s will reject malformed GET requests with a body payload/data to to enhance performance and web security. The rollout will occur over the coming months, country by country.
Who will be impacted
This improvement may unfortunately impact a small number of Jira and Confluence Cloud API integrations with your connect apps that are accidentally including a body/data/payload in GET requests, which will be rejected with a HTTP 403 response code.
What do I need to do?
Review your application’s API integration with Jira and Confluence to determine if there are any instances of sending GET requests with a body. If there are no such malformed requests, then your integration is not impacted, and no further action is required. Conversely, if such requests do exist, it is imperative to take corrective measures to ensure that your HTTP client code for the API integration does not include any body with its GET requests, as these are unnecessary and were previously disregarded.
If you are utilizing the Atlassian Connect Express Framework, you have the opportunity to upgrade to the latest version. This update will automatically eliminate the body for malformed GET requests sent to Jira and Confluence.
When to Fix
It is strongly advised that you rectify this issue at your earliest convenience if your application is transmitting malformed GET requests with a body.
This rollout will take place over the upcoming months, progressing country by country, with each country expected to complete the migration within approximately 1 to 2 weeks.
If you have any concerns or feedback, comment in the section below. We’d love to hear how we can help you.
Considering that Atlassian themselves recently added the Get issue limit report endpoint to Jira that must have the request parameters supplied in the body of the request, then such requests now being considered as ‘malformed requests’ and will be rejected would seem to infer that… you have just shot yourselves in the proverbial foot!
Or am I missing something here?
2 Likes
@sunnyape Ben from Atlassian. I think you’ve got us on this one. I’ll touch base again with the API team. Apologies.
1 Like
Hello @bmcalary
Can I assume that the announcement in the Jira Cloud Changelog on the 14th of this month where “We [Jira] will no longer accept a request body for the GET Issue Limit Report API. Any API calls made with a request body will result in a 403 error. If you are using a request body with this API, you will need to modify requests to avoid errors.” was the ‘fix’ to that endpoint to align with the change announced in this thread?
Given that this change has effectively rendered all the request parameters for that endpoint impotent, but the documentation for that endpoint hasn’t been updated to reflect this change, I have a strong suspicion that might present some, ummm, ‘technical challenges’ to anyone who attempts to use those endpoint parameters as documented.
@sunnyape I’ll ask someone from the API team to comment.
Hey @sunnyape,
thanks for raising that! As described in the Jira Cloud Changelog, the API will no longer accept a request body. The change is in the deployment queue and should reach production shortly. The documentation GET Issue Limit Report API* will be also updated automatically.
In the meantime, the customers can continue using the API without providing the request body as it has been an optional parameter from the very beginning.
1 Like