Throughout 2018 and 2019, Atlassian will undertake a number of changes to our products and APIs in order to improve user privacy in accordance with the European General Data Protection Regulation (GDPR). In addition to pursuing relevant certifications and data handling standards, we will be rolling out changes to Atlassian Cloud product APIs to consolidate how personal data about Atlassian product users is accessed by API consumers.
A summary of all relevant API changes has been posted in the JIra Cloud Platform API docs:
Thanks for keeping me updated. I would like to share how this would impact our app and possibly lots of other apps in the marketplace.
We are working on Atlas CRM which makes it possible to manage sales from within Jira. This particular part of Atlas CRM focuses on collaborating with your team to close more sales in the sales funnel.
The features that we build for sales are very alike to the features that exist for issues in Jira. These features rely on the information that might be restricted in the future. Just to name a few features that are impacted by this restriction;
Assigning Atlassian users to sales;
Filtering sales based on assigned Atlassian users;
Writing notes for sales (comments, communication);
Activity feed;
etc.
As you may have noticed we use the information of Atlassian users to improve the user experience of our app. If this personal information is going to be private (by default), our users will be missing out on a lot of functionality that our add-on provides.
@dmeyer / @nmansilla - The User API change has massive impact on our Product. Migration from UserKey to AccountId across our customer base and it also has impact on what they are seeing today. The End Users are not going to like this and this is not good for any vendor.
The “sub” claim of the OAuth 2.0 JWT Bearer token authorization grant currently requires a user key. Apps will instead need to provide the Atlassian Account ID (AC-2409).
From each issue on that page, you will find related issues linked. The API change you are asking about is tracked on AC-2437 and is available in production since a week ago.
@epehrson, I recently upgraded one of my apps to ACE v3.2.0 which includes support for these changes.
As a result, my application logs are now full of deprecation warnings (2 x sets of these messages for every request made from the host product to my app):
Please note that timezone, locale, userId and userKey context parameters are deprecated.
See https://ecosystem.atlassian.net/browse/ACEJS-115
Is there a way to suppress these messages (my app doesn’t rely on any of the deprecated parameters, so no changes were required to my app); or do I just need to wait until the end of the deprecation period? (which is when?)
The description in ACEJS-115 is “Enable apps to opt-in to using GDPR-compliant APIs.”, but there doesn’t appear to be any details on how apps are able to opt-in? (or in this instance does “apps” == “Atlassian Connect Express”?)
Wrt how apps can opt-into GDPR changes - the documentation and migration guide has not been published yet. Please watch for announcement soon. We expect to publish detailed info within 2 weeks from now.