We are planing to give an external company access to our JIRA cloud REST API so that they can integrate our issues in their own ticket system.
How I understand it, the permissions of the API will be the same as the token's owner.
So I created a Service Desk User, created a API token and made some project related permissions.
BUT: The extarnal company should NOT be able to see internal comments via the API.
Any way how I can manage this?
I think this will not be possible as such. In a non-Service Management project you have the option to restrict a comment to a group/role - but this is not available for Service Management projects despite a Suggestion to have it considered in the future: https://jira.atlassian.com/browse/JSDCLOUD-829
If I understood it correctly the ask is to exchange data between the internal and the external system (using API), but as you said API provides the same set of permissions like UI access.
Access via Portal (the customer portal customers use to raise a request) would probably not suffice, also there are reports that access via API is tricky.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events