In our JIRA server (on-premise) we have the Secure Login Plugin installed (2FA). We want to grant access to an external application which connects to the JIRA API (/rest/api/2/issue/).
We tested by adding the relative path of the API to the 2FA URL Filter in the Context Whitelist and this works for us.
We wonder if this is the right way-of-working for granting access to a single application. We are in doubt whether we might have introduced a security risk by granting the whole world access to the API without the use of 2FA.
Anyone having experience with granting API access in combination with the Secure Login Plugin to answer our doubts?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.