Atlassian platform provides an activity feed endpoint at https://<myorganization>.atlassian.net/activity. Even if it's not based on the most up-to-date technology it's still the only way to access user's activity programmatically. The endpoint is documented here.
The activity feed endpoint can be accessed by the browser when atlassian.net session is valid. Also, the feed can be accessed with the help of API tokens (that can be configured here).
However, the activity endpoint cannot be accessed with OAuth2-acquired access token. There is no scope for it and even if the token had been granted wide scope access the activity feed shows no activity (just like it shows with no authentication at all).
Please add a new granular scope that can be configured at developer.atlassian.com and acquired via OAuth2 flow so that the access code can then be used to fetch activity feed at https://<myorganization>.atlassian.net/activity with the user's rights.
The current option to use API token is not good from the security point of view. External applications should utilize OAuth2 flow and it should enable the application to access activity feed.
Hello @Tommi Palomäki
If you really think it would be a good idea for Atlassian to add OAuth 2.0 for that endpoint, log that as a Feature Request. The request would probably need to be in the Atlassian Ecosystem section.
Also, by "wide scope access" are you inferring a scope that would allow the lookup of the activity of all users within an organisation using, say, a Jira Admin's credentials? I don't think that's likely to be considered.
Thank you @David Bakkers . I created a feature request as you suggested, https://jira.atlassian.com/projects/ECO/issues/ECO-257.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nice work!
I voted for it but, not to put a damper on your efforts, it's a very obscure part of Atlassian's infrastructure that's really a relic from the old days of Jira/ Confluence when they had XML - RPC APIs. I'd be surprised if more that 6 people on the planet care if it obtained OAuth 2.0 security or not and voted for your Feature Request :)
If I were in Atlassian's position, I'd replace that whole endpoint with a new one that returned JSON, not XML, and make it part of the Cloud Admin REST API collection.
Anyhow, good luck.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yep, agreed. I would really much appreciate a modern REST endpoint for fetching the activity feed. The old relic is also very slow and difficult to filter with the query.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.