Weekly GDPR API status development - Jun 7

Update on the roll out of new Bitbucket Cloud, Jira Cloud and Confluence Cloud APIs

Bitbucket APIs Bitbucket experienced a incident last week related to API regressions resulting in the temporary roll back of Bitbucket APIs. The issue is actively being worked on and should be resolved early next week. Once fixed the rollout to 100% will happen over the course of 1 day. To avoid thrashing while we resolve the issues, Bitbucket has introduced a new header HTTP__X_ATLASSIAN_FORCE_ACCOUNT_ID which will allow you to opt in to the new API behavior regardless of our settings. Once we roll back out the APIs will behave as expected regardless of use of the header.

Jira APIs The roll out percentage remains at ~56% of Atlassian Connect apps for Jira. All of the apps that have been rolled out so far have signaled gdpr:true in the app descriptor. We expect to resume roll out next week with apps that have since signaled gdpr:true or have not signaled either gdpr:true nor gdpr:false.

Confluence APIs The roll out of Confluence APIs has been delayed 1 week. New target = June 17, 2019 9:00 AM.

On launch of Profile Visibility Controls

We are still working to address bugs raised during testing and will not launch profile visibility controls next week. Our new target launch date is 2019-06-24T14:00:00Z.

The testing window has now closed. If you’ve already had an instance configured for testing, the configuration has temporarily been turned off.

As a reminder, the API roll out mentioned above will not affect the profile data returned thru user objects. If you’ve tested the API behaviors using the Jira REST header x-atlassian-force-account-id:true and/or Confluence query parameter privacyMode=true and the Atlassian Connect descriptor flag gdpr:true , then you should be familiar with the changes that will start rolling out next week.

Following the roll out of the new APIs, we intend to release a new feature for Atlassian Account which may change the data returned thru user objects. Certain fields like timezone and email address may be hidden by a user and not return in the user object. Additionally, the user may decide to show only public versions of their name or avatar.

All of these changes including the default settings are documented in these guidelines .

If your app requires use of email address to provide core functionality, please raise a request to access the email API. Should you use the email API without raising a request your app may be prevented from being installed .

Thank you

As always, thank you for working with us through these changes. Its been a large amount of work to complete in a short timeframe and we appreciate you helping us deliver a more trusted experience for customers.

1 Like

Please see latest here: Weekly GDPR API status development - Jun 14