Rationale behind app events limitations (no custom payload)

Hi,
I was looking at the App events (Preview) documentation and am now wondering about the rationale behind the stated limitations.

More specifically, I was wondering why apps cannot publish custom payloads. I suspect that this is intended as a security measure, but given that any sending<->receiving app combination would be on the same instance of the host product, there already are ample ways of exchanging information between two known apps willing to do so.

Is there any other reason or security aspect that I’m missing? It would make sense for a couple of our products to adopt app events, but I want to make sure not to bring additional security concerns into our product.

Thank you,
Oliver

Hi @osiebenmarck,

Our intention is to enable custom payloads at a later time.

There are some security and privacy considerations to take into account. Apps exchanging static pieces of information is very different to apps being able to share any data (potentially customer data) between one another, which is why it requires more work on our side to design the full experience, from informing the admins during installation time about these potential exchanges, to figuring out which app should be allowed to receive which event (for example, should apps that “Run on Atlassian” be able to send custom payload events to those that don’t).

Hi @kkercz,

Thank you for the prompt and detailed response! So the aim (for now at least) is more to build a signalling mechanism (something happened), rather than a data exchange.
