Permissions to get issue development information (commits & pull requests)

Hi there,

I’m developing a product which brings together data from various tools used for software development, including code hosting & project management tools. As such, we need to link together issues with commits and pull requests.

I can get some high-level information from the /rest/api/latest/issue/{issueKey} endpoint, e.g. {pullrequest={dataType=pullrequest, state=MERGED, stateCount=1}, json={"cachedValue":{"errors":[],"summary":{"pullrequest":{"overall":{"count":1,"lastUpdated":"2017-01-12T14:14:07.000+0000","stateCount":1,"state":"MERGED","open":false},"byInstanceType":{"github":{"count":1,"name":"GitHub"}}}}},"isStale":false}}.

However, I’d like to know the specific pull request ids and commit hashes that are linked to any given issue. I’ve found a few posts suggesting hitting up the /rest/dev-status/1.0/issue/detail endpoint. I’ve successfully done so in the browser, however when making these calls via my add-on authenticated using JWT, I get 403 responses.

I suspect it’s one of these endpoints available with basic auth but not for add-ons. Any chance it (or an alternative) will be available to add-ons in the near future?

Thank you


Would it work if I added the scope ACT_AS_USER and made the request to /rest/dev-status/1.0/issue/detail as the user, using OAuth 2?

Hi @nick1,

Yes, what you’re seeing a 403 on these requests when making them from your add-on using JWT because they are not whitelisted for Atlassian Connect.

Would it work if I added the scope ACT_AS_USER and made the request to /rest/dev-status/1.0/issue/detail as the user, using OAuth 2?

Yes technically this would work; however besides being whitelisted, this API is not public. It’s not guaranteed by our REST API policy and could change at any time without notice.

We’re definitely very interested in providing a public API for development information associated with JIRA Software issues, unfortunately I can’t provide a timeline on exactly when we’re going to have that available right now.

Dave Meyer
JIRA Product Management

Hi @dmeyer,

Thank you for your quick reply, this is very helpful. I’ve got 2 follow up questions.

First, would you be able to give me a very rough sense of how deep in the backlog this is? I.e. on the order of weeks, months or years? I won’t treat this as a commitment of course, but any extra information you can provide will help me figure how to proceed in the meantime.

Second, I tried the workaround suggested above (ACT_AS_USER + OAuth 2) – I couldn’t get it to work. The same request that works in my browser (piggy-backing off of my authenticated session as a JIRA user) returns a 400 with {"errorMessages":["No issue exists with the ID: \'14500\'"],"errors":{}} when made using the OAuth2 token and acting as the user who installed the add-on.

I’m confident that I’m authenticating properly with OAuth2 because requests to protected resources such as /rest/api/latest/issue/{issueKey} work fine, it’s just requests to /rest/dev-status/1.0/issue/detail?issueId={issueId}&applicationType=github&dataType=repository which don’t work and return 400s.

Do you have any thoughts on how to get this to work?

Thank you

Hi @nick1,

It’s possible that the OAuth 2 tokens don’t work with non-public APIs. I will follow up with the team that implemented this feature.

@dmeyer any further updates on the availability of these non-public endpoints over Oauth2 or Connect?

1 Like