Reporting an issue through REST API as Connect application (i.e. reporter: SuperDuperApp)

Almost by accident, we noticed that when creating issues through the REST API, you can create an issue as the Cloud application by using:

“reporter”: {“name”: “addon_<key from Connect descriptor>“}

i.e. if the key in our Connect descriptor was Super-duper-app, we could use addon_Super-duper-app as the reporter name. The issue then show as Reporter: Super Duper App.

I couldn’t track down the documentation for this feature and wondered if it’s undocumented or if I just missed it. Any help on the validity of this approach is appreciated! (In our case, it might help our users find issues by searching by reporter versus a custom label/field.)

I don’t think it’s undocumented - just explicitly not called out…

https://developer.atlassian.com/cloud/jira/platform/security-overview/

Every app is assigned its own user in a Cloud instance. In general, server-to-server requests are made by the app user. In some situations, the configuration of permission or issue security schemes in Jira Cloud by an administrator can cause an app user not to have permission to make a request.

You’ve just encountered the reverse of that - somebody gave your app user the permission to create issues. If you’re wanting to use that behavior - you’ll need to make sure your users updates the permission schemes.

2 Likes

I would encourage you to not rely on this “feature”, since the identity of your app user is not public API, and we won’t guarantee that any app user identifiers will remain stable over time.

2 Likes

Thank you for the feedback.

What is the recommended approach for reporting issues as an “external” entity?
Imagine “SuperDuperApp” wants to create issues in a JIRA board based on how many customers are wearing capes in a store. What’s the best way to represent that it’s not-a-human that creates the issue?

Just to follow up, we were seeing this in a developer instance of JIRA that we have enabled while building our app/integration. Must be that development instances automatically give app users certain permissions…

Could they use https://developer.atlassian.com/cloud/jira/platform/rest/#api-api-2-issue-properties-propertyKey-put to look up the user key before creating the issue?

To clarify: the key of the app? or just another user?

Leaning towards the latter (sounds like that’s best), still curious on if there’s a method for representing that this issue was reported by an entity that isn’t a JIRA User. (Capital U as in proper User haha).

You could always use the get identifier of the app user using the myself rest API in JIRA. That would always contain the correct user key that you could then use on the reporter field.

2 Likes

Yeah that’s the one I meant. Sorry @andy.ennamorato - I gave you the wrong resource (I really don’t like the new rest docs). Look for
GET /rest/api/2/myself

When in doubt trust @epehrson and @rmassaioli

1 Like

No worries! Appreciate all the feedback and thoughts.

FWIW, I figured the link to the docs was just a little off. :slight_smile: