Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to access Jira API via Automation for Jira without exposing credentials?

Wolfgang Landes
Wolfgang Landes
Contributor
January 14, 2021

I'd like to use the "Send web request" Action within Jira Automation to send requests to Jira API of the same instance.

I found the following resources: 
Serverhttps://confluence.atlassian.com/jirakb/how-to-extend-automation-for-jira-with-rest-api-calls-1021217952.html

Cloudhttps://community.atlassian.com/t5/Jira-articles/Automation-for-Jira-Send-web-request-using-Jira-REST-API/ba-p/1443828

But both come with the drawback that the credentials of the user from which to call the request get exposed inside automation for Jira.

 

What I'd like is a way to trigger Jira API from Automation for Jira for the same instance as the Actor of the Automation rule without exposing the credentials of said actor.

I believe this can be very powerful for Admins expierienced with Jira API and in case it is not possible yet, I'll submit a feature request for this.

Greetings

Wolfgang

Answer
Watch
Like # people like this
6192 views

3 answers

1 accepted

0 votes
Answer accepted
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 15, 2021

Yeah, I was concerned about this too, but since Atlassian acquired Codebarrel now, I'm *hoping* that the Automation servers are not too many hops away from Atlassian servers, and so our Basic Auth credentials are not being exposed at too many points.

To address the issue of tying API calls to a single user, we ended up creating a service account and a specific API token *just* for Automation.

We ended up creating another API token with that service account for the OpsGenie/Jira "comment-back" integration (yet another Atlassian acquisition that has yet to be integrated with Jira w/o requiring a credential to be passed.)

View More Comments
Ravi Sagar _Sparxsys_
Ravi Sagar _Sparxsys_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 15, 2021

Valid points :)

Like
Wolfgang Landes
Wolfgang Landes
Contributor
January 15, 2021

Thanks for the answer @Darryl Lee . 
In case of the service account. In my understanding, by adding the API token of the service account user in an automation you expose it to everyone that can see the automation rule.
Meaning it is a security risk to give the service account too many permissions.

Like
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 15, 2021

Oh that's definitely true - if other people have visibility into the rule, they'll be able to see / copy the token, which can be a real issue.

Like
Simmo
Simmo
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 12, 2022

Hey @Darryl Lee,

I can tell you that there aren't too many hops. We're within the Atlassian private network :)

Like
Reply
2 votes
Ravi Sagar _Sparxsys_
Ravi Sagar _Sparxsys_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 14, 2021

Hi @Wolfgang Landes 

I don't think that is possible with Automation rules. I will try to store the Authorization in a variable but that is not any better aswell.

However you can try ScriptRunner for Jira on Cloud where in your Groovy script all you need to do is:

def response = get('/rest/api/3/issue/cts-12') .header('Content-Type', 'application/json') .asObject(Map)

Ravi 

View More Comments
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 15, 2021

Yeah, but then you have to use ScriptRunner! Kidding. :-} I'm just not great at Groovy.

But you make a great point Ravi - if ScriptRunner can provide direct access to the API (without having to generate an API token and use the kinda janky web request action), then surely Automation ought to be able to.

C'MON guys, I mean, somebody at Atlassian can probably help you with this, right? :-}

Like
Ravi Sagar _Sparxsys_
Ravi Sagar _Sparxsys_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 15, 2021

I believe basic understanding of programming is more than enough to get started. You can find plenty of examples in our Script Library.

Automation rules are great and I use them quite a lot, especially all the wonderful things that we can do with smartvalues but often I have to switch to writing scripts when the requirements get a bit more complicated.

Ravi

P.S. - There is a feature in ScriptRunner for Jira Cloud called Script Variables to store sensitive information ;) I made a video describing how it works.

Like
Wolfgang Landes
Wolfgang Landes
Contributor
January 15, 2021

Thanks for the answer @Ravi Sagar _Sparxsys_  I will use scriptrunner for my usecase. I was just wondering if it would be possible to do the same in automation. :-) 

Like
Reply
0 votes
bmccoy
bmccoy
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 19, 2021

Hi @Wolfgang Landes

What operations in Jira are you trying to perform via REST?  I'm wondering whether it would make more sense to make that available to you as a built-in operation than to provide a way to do the authentication?   

That said, I have raised AUT-2117  so that any tokens used don't need to get exposed to other users. 

Cheers,
Brydie

View More Comments
Wolfgang Landes
Wolfgang Landes
Contributor
January 20, 2021

Hello @bmccoy ,
in this specific script I was syncing a user group to a project role depending on some custom value from an overview project.
While I appreciate all handy built-in operation in automation, I assume it will take a long way to cover all administrative functionality that is already possible with APIs. 

Thanks for raising the feature request. 
Cheers,

Wolfgang

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
atlassian, atlassian community, loom ai, atlassian loom ai, loom, atlassian ai, record recaps of meetings, meeting recaps, loom recaps, share meeting recaps,

Loom’s guide to great meetings 📹

Join us to learn how your team can stay fully engaged in meetings without worrying about writing everything down. Dive into Loom's newest feature, Loom AI for meetings, which automatically takes notes and tracks action items.

Register today!
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.