You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I'd like to use the "Send web request" Action within Jira Automation to send requests to Jira API of the same instance.
I found the following resources:
But both come with the drawback that the credentials of the user from which to call the request get exposed inside automation for Jira.
What I'd like is a way to trigger Jira API from Automation for Jira for the same instance as the Actor of the Automation rule without exposing the credentials of said actor.
I believe this can be very powerful for Admins expierienced with Jira API and in case it is not possible yet, I'll submit a feature request for this.
Yeah, I was concerned about this too, but since Atlassian acquired Codebarrel now, I'm *hoping* that the Automation servers are not too many hops away from Atlassian servers, and so our Basic Auth credentials are not being exposed at too many points.
To address the issue of tying API calls to a single user, we ended up creating a service account and a specific API token *just* for Automation.
We ended up creating another API token with that service account for the OpsGenie/Jira "comment-back" integration (yet another Atlassian acquisition that has yet to be integrated with Jira w/o requiring a credential to be passed.)
Thanks for the answer @Darryl Lee .
In case of the service account. In my understanding, by adding the API token of the service account user in an automation you expose it to everyone that can see the automation rule.
Meaning it is a security risk to give the service account too many permissions.
I don't think that is possible with Automation rules. I will try to store the Authorization in a variable but that is not any better aswell.
However you can try ScriptRunner for Jira on Cloud where in your Groovy script all you need to do is:
def response = get('/rest/api/3/issue/cts-12') .header('Content-Type', 'application/json') .asObject(Map)
Yeah, but then you have to use ScriptRunner! Kidding. :-} I'm just not great at Groovy.
But you make a great point Ravi - if ScriptRunner can provide direct access to the API (without having to generate an API token and use the kinda janky web request action), then surely Automation ought to be able to.
C'MON guys, I mean, somebody at Atlassian can probably help you with this, right? :-}
I believe basic understanding of programming is more than enough to get started. You can find plenty of examples in our Script Library.
Automation rules are great and I use them quite a lot, especially all the wonderful things that we can do with smartvalues but often I have to switch to writing scripts when the requirements get a bit more complicated.
P.S. - There is a feature in ScriptRunner for Jira Cloud called Script Variables to store sensitive information ;) I made a video describing how it works.
What operations in Jira are you trying to perform via REST? I'm wondering whether it would make more sense to make that available to you as a built-in operation than to provide a way to do the authentication?
That said, I have raised AUT-2117 so that any tokens used don't need to get exposed to other users.
Hello @bmccoy ,
in this specific script I was syncing a user group to a project role depending on some custom value from an overview project.
While I appreciate all handy built-in operation in automation, I assume it will take a long way to cover all administrative functionality that is already possible with APIs.
Thanks for raising the feature request.