Unable to access jira User Email Addresses from 3LO app

Hi Atlassian Community,

I am currently developing a 3LO app that integrates with Jira Cloud. After an admin integrates our app using OAuth, our system registers a webhook to receive Jira issue created events. The goal is to notify the creator of the issue via email (Business use case). However, I am facing difficulties in accessing the email addresses of users who create Jira issues, except for the admin who integrated the app.

Here are the steps we have implemented so far:

  1. The 3LO app is set up with the following scopes:
  • read:jira-work
  • read:jira-user
  1. Our system successfully registers a webhook to listen for issue creation events (jira:issue_created).
  2. Upon receiving the webhook event, we attempt to retrieve the issue creator’s email using their account ID via the Jira REST API.

Despite this setup, we are unable to obtain the email addresses of the issue creators due to privacy restrictions. We understand that the ACCESS_EMAIL_ADDRESSES scope is available for Connect apps, but it doesn’t apply to 3LO apps.

Questions:

  1. Is there any way to access user email addresses for issue creators in a 3LO app?
  2. Are there any recommended workarounds to achieve our goal?

Any guidance or suggestions would be greatly appreciated!

Thank you in advance for your help!

@GokulG,

Yes and no. Yes, if that user is the current user context for 3LO. You can get current user with GET /rest/api/3/myself. I think it is also possible in another user context to get user via GET /rest/api/3/user.

However, that’s subject to some privacy caveats, which means for some cases, no. Per the profile visibility docs, there are cases where the email address will not be available to the client. And, if you are storing or using email addresses, your client may be subject to using additional privacy reporting APIs.

Atlassian considers the caveats as our way to meet the privacy obligations we have with customers. You should not “workaround” them but with them, please.

@ibuchanan
Thank you for your detailed response.

In our case, the admin will be integrating the Jira app into our system. The issue creators can be any user within the Jira instance. For our business use case, we need to obtain the email address of the issue creator to complete our custom workflow.

From the webhook event, we receive the accountId of the creator. However, we need the email address associated with this accountId to proceed with our workflow. We are not storing any accountId or personal information from Jira; we just need the email to identify the user to send a notification.

Here are the steps we’ve taken so far:

  1. We tried using the GET /rest/api/3/user API and the search API to fetch user details, but the email address is missing from the response due to privacy restrictions.
  2. We noticed the GET /rest/api/2/user/email API in the documentation, but as we understand, this endpoint is only available for Connect apps.

Given the privacy restrictions and our use case, what can be done to access the email addresses of issue creators in a 3LO app? Is there a compliant way to achieve this, or any recommended best practices for handling such scenarios?

Additionally, is a 3LO app not the appropriate choice for our use case? Should we consider using a Connect app instead to meet our requirements?

Your guidance on this matter would be greatly appreciated.

Thank you!