Reporting user personal data - Connect App

Hello All,

In order to report the user personal data for connect apps using following API

POST /rest/atlassian-connect/latest/report-accounts

  • Do we need to notify accounts per client bases?
  • Jwt should be generated for each client based on combination of shared secret and add on key.

Is the above assumption/ approach correct?

Thanks for your help.

Hi @sfg, the Jira and Confluence personal data reporting API is anchored to a tenant only for consistency with other Jira and Confluence REST APIs. A vendor could use one tenant to send reports for all users if a shared user base exists for multiple tenants. The most important consideration is to ensure all users are reported and that the personal data is erased if directed by the response.

Hello @dmorrow,

Thanks for the reply.
Can you please verify if I got it right

Current Scenario : We have one user database for multiple tenants.

For the purpose of personal data reporting

  1. Can we use any tenant from our database,
  2. Generate JWT token for that tenant
  3. Use that tenant and jwt to report users for multiple tenants.
  4. Can we combine reporting for jira and confluence users or do they need to be separate?


Hi @sfg, Can you please tell how do you generate JWT token for that tenant? Do you invoke this API from your app code somewhere or do you have a separate job for it outside app code which uses the JWT you create (i’m guessing using shared_secret and client_key, but I don’t know how…please point me to some documentation if you can)?

Please help here.

Hello @farhat ,

We are thinking of invoking this code via a separate job outside of the plugin code. JWT will be created using shared_secret of the tenant.

Reference link:

Do you have another approach to handle this scenario?


Perfect. Thanks a lot @sfg. Even I feel that this needs to reside outside of app code, planning to do it in an AWS Lambda invoked by a Cloudwatch event every 15 days - separate job.