Jira API Guidance for Integration with Bespoke Software

oauth2
authentication
rest-api
jira-cloud

#1

Hello all,

I’m new to Jira and need some advice on integrating with our bespoke software.

What I am trying to achieve:
I am trying to integrate our website with our JIRA Cloud system. The idea is that that website will create issues directly into our Kanban board under certain circumstances.

The user submitting should not have to approve access to their Jira account as the request may be made passively by the site, for example, after x amount of time has elapsed.

However, I am struggling to get started. Specifically, I am confused as to what type of authentication is available and appropriate in this situation.

I have read the following links:



https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html

I think that I would need to use basic authentication and have a service user in our Jira system but I am lead to believe that basic authentication is deprecated, even though it seems to be the method of choice on the Jira API libraries that I’ve found on packagist.

I thought that applinks might be appropriate as it seems to support 2-legged authentication but it seems that they are only available with other atlassian products:
https://confluence.atlassian.com/adminjiraserver/using-applinks-to-link-to-other-applications-938846918.html

I’m not particularly afraid of the docs but I am really struggling to understand which authentication scenarios are available to me and, of those, which ones suit our situation. Could anyone chime in with some advice/direction (even if it’s just to confirm that I’m not missing something and that I should be using basic auth)?

Thanks in advance,

Mike


#2

Hi @michael.mcgettrick,

I did a talk on this very topic at Summit AND Atlas Camp in September. Take a watch through this talk and let me know if it helps you out at all. Feel free to ask any follow up questions and I’ll be glad to help.

https://www.atlassian.com/atlascamp/watch-sessions/code-and-beyond/choosing-wisely-when-extending-atlassian-products


#3

BTW, in the talk I mention that 3LO is coming. It’s landed and is currently in Beta and might be a option to you as well. To learn more about 3LO take a look at the docs and the Atlas Camp talk.


#4

Basic Auth with a PASSWORD is deprecated. You can still use Basic Auth but you need to create an Access Token in your Atlassian ID.
See docs for details on how to use Basic with Token.


#5

BTW, have you considered using the Jira Issue Collector functionality already available in Jira?

You can see this in action if you go to any documentation page on developer.atlassian.com and at the top of the content there is a link that says “Give docs feedback”. That link is an issue collector and allows anyone to create an issue into our project and we can set the project to show those issues automatically in a kanban board.

I’m not sure if this will meet your needs or if you’re looking for something more dynamic for your users to configure which project issues would go to (REST API would be the way to go there).


#6

Hello Rwhitbeck,

Thank you so much for such a comprehensive response.

I’ve watched your very informative video and I think that what I really need is to use the Rest APIs via Oauth2 2-legged authentication. We don’t want our users to have to be redirected or have to give permission for an issue to be taken need the issue to be created programmatically.

I was really hoping I could find a PHP library that would have the leavy lifting done for me but I can’t seem to do so. So, it looks like I might need to write this myself.

To that end, could you point me at the right documentation page for Oauth2 2-legged authentication? I keep getting drawn to Oauth2 with impersonation in links such as the below:
https://confluence.atlassian.com/kb/details-of-2-legged-oauth-2lo-with-impersonation-857064486.html

But I’m pretty sure this is not correct because it starts talking about setting up application links and seems to be around Confluence rather than Jira.

It would also be great if you could link me to instructions on generating the necessary keys that I could pass to our Jira admin?

Regards,

Mike


#7

Unfortunately, we don’t offer OAuth 2 2LO with our products. Your only options in working with REST APIs are:

  • Basic Auth w/ API Token
  • OAuth 1.0a
  • OAuth 2.0 3LO

#8

Hello Rwhitbeck,

Thanks for the breakdown. As a final question, could I confirm that Jira doesn’t offer a 2-legged option with OAuth 1.0a?

Regards,

Mike