Hi
We have recently started using API keys to integrate an internal tool with Jira Cloud.
Can you guys guide me on what all things I should keep track of regarding API keys, like security, usage, data transmission?
Thanks,
Mahanth.
Hi Mahanth,
as a fellow developer, maybe I can share a thing or two.
1. Security (or in this case Confidentiality) of the API key is a must. Please by no account expose it publicly to the internet, i.e. in a public GitHub repo, as a threat actor can use this API key to access internal data of your organization. If there is any sign of the key being compromised, immediately delete the old one, create a new one, then configure all your applications with this new key. And follow the Principle of Least Privilege.
2. Usage - all I can say is, when you're trying to implement the key into a new project, try to use a central config/environment file instead of manually adding it to each file or each time you want to call the API. That'll make key management much easier.
3. Rate limiting - as of 03. April 2025 there is not yet any rate limiting from Atlassian's side: Rate limiting. That'll be changed by August 2025 according to the documentation.
4. Data transmission - well, it's REST, the traffic will go through the internet, so it depends heavily on your internet connection. And since Jira Cloud supports HTTPS, your traffic is (reasonably) encrypted and protected during transfer.
I mean I'm also not that much of a Jira power user, so that is the extent of my knowledge. Hope that helped!
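An added example, not part of the reply above or of any Atlassian code: one way to apply points 1, 2 and 4 together in Python, reading the key from a single environment-backed config, keeping it out of log output, and refusing a non-HTTPS base URL. The variable names `JIRA_BASE_URL`, `JIRA_EMAIL` and `JIRA_API_TOKEN` and all sample values are assumptions; the request uses the Basic auth scheme (account email plus API token) that Jira Cloud accepts for API tokens.

```python
import base64
import os
import urllib.request
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class JiraConfig:
    base_url: str
    email: str
    # repr=False keeps the token out of logs and tracebacks that print the config.
    api_token: str = field(repr=False)


def load_config(env=os.environ):
    """Read all Jira settings from one place; fail closed if anything is missing."""
    names = ("JIRA_BASE_URL", "JIRA_EMAIL", "JIRA_API_TOKEN")  # assumed names
    missing = [k for k in names if not env.get(k)]
    if missing:
        raise RuntimeError("missing settings: " + ", ".join(missing))
    base_url = env["JIRA_BASE_URL"].rstrip("/")
    parts = urlsplit(base_url)
    # Refuse plain HTTP so the credential never leaves the host unencrypted.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("JIRA_BASE_URL must be an https:// URL")
    return JiraConfig(base_url, env["JIRA_EMAIL"], env["JIRA_API_TOKEN"])


def build_request(cfg, path):
    """Build (not send) a request authenticated with Basic auth, email:token."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    creds = base64.b64encode(f"{cfg.email}:{cfg.api_token}".encode()).decode()
    return urllib.request.Request(
        cfg.base_url + path,
        headers={"Authorization": "Basic " + creds, "Accept": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values; a real deployment sets these outside the repo.
    sample = {"JIRA_BASE_URL": "https://example.atlassian.net",
              "JIRA_EMAIL": "bot@example.com",
              "JIRA_API_TOKEN": "constructed-token"}
    cfg = load_config(sample)
    print(cfg)  # the token field is omitted from the printed config
    print(build_request(cfg, "/rest/api/3/myself").full_url)
```

Because every caller goes through `load_config`, rotating a compromised key means changing one environment value rather than editing each file that calls the API.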