License endpoint returns inconsistent data

For the customer requests that come to our Connect service, we send a request to “/rest/atlassian-connect/1/addons/{addonKey}” to get licensing information. If the license is expired, we reject the request.

For many customers we get a response like the one below:

{
“key”: “<our_plugin_key_here>”,
“version”: “<latest_version_number>”,
“installedDate”: 1629877461000,
“lastUpdated”: 1638900216000,
“state”: “ENABLED”,
“license”: {
“active”: true,
“type”: “COMMERCIAL”,
“evaluation”: false,
“supportEntitlementNumber”: “SEN-XXXXXX”
}
}

I checked the partner portal. The license registry shows that this license (SEN-XXXXXX) is an evaluation license and it has expired 2 weeks ago. There is also no transaction available for this SEN number.

There is a significant additional load on our service because of such requests. The license seems to be expired but the REST endpoint returns “active”.

I have many different SEN numbers that act like this. What is wrong?

2 Likes

Hi there,
We actually faced the same issue, and it confused us a lot. We have additional data from the marketplace and had to manually validate the data from the response with another source of information. Plus, we expose this data across our company, so it’s not ok when the data are not trustworthy.

Kind regards,
Irina
Stiltsoft
For the additional details: ibelaya@stiltsoft.com

Yeah, this is a known issue. Other MPs can explain this better, but those that use the marketplace data appear to deploy additional mechanisms to account for any lag in that data. E.g. warning banners, grace periods. I automatically restrict some for functionality and add some messaging for site’s admin when lic=none, but currently monitor evaluations and can manually apply further restrictions to block usage if necessary, with messages to contact support.

My case is beyond a simple lag that causes the data to be updated a few hours or a few days late.

The customer license I am examining at the moment has expired on Dec 8th 2021. That is almost 3 weeks ago. They can still use my app.

And even if I choose to implement some custom measures on my app, the license info I get from marketplace API is no more trustworthy than what I get from Jira API. I don’t want to build anything that changes my app’s behavior based on the data I get from the marketplace. The “/rest/atlassian-connect/1/addons/{addonKey}” endpoint was expected to do bring that information and bring it accurately.

We’re also seeing lic=active, when the marketplace says the license is expired with a current customer.
While we could block them, we would rather have consistent and correct information from Atlassian.

I’ve opened a support ticket to marketplace team about this and they responded saying:

"Cloud apps follow a dunning process, once the license/eval period has expired after ~15 days the app is suspended. Then after another ~15 days, the app is deactivated. This is the general rule, but an exception is when there’s an open quote for the instance and the app, this will keep the licenses active and will only enter the dunning process again if the quote expires. "