Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to i disable REST API calls on JIRA, or prevent our private data from being exposed?

James
James January 30, 2021

How to i limit REST API calls on JIRA, or prevent our private data from being exposed?


I've learned that I can't turn off the REST API all together as i would desire too, but how do i prevent our private information from being exposed? I've had developers and users reach out to our admin's b/c they can see our private info available in the REST API. 

i've spent way too much time mucking about in the admin trying to figure out how to manage this without any success. I see no mention of the API and/or how to manage how to suppress it via our user group settings. 

I would love to have some help, thanks in advance if someone can help us resolve this.

Answer
Watch
Like Be the first to like this
3488 views

2 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 30, 2021

Jira can not work without the REST API, so there's no way to turn it off.

But it does restpect the permissions that you set for the UI.  If someone can see an issue in the REST API, then they can see it in the UI as well.

What are you trying to secure that you think is leaking out over REST?

View More Comments
James
James February 1, 2021

in short our rest api, list our company name and individual users and some project tasks to anyone who browses it, and i would ideally like that to not be the case. 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 1, 2021

They can get the same from the UI too, you'd want to think about how to remove it from there as well.

Like
Reply
0 votes
James
James February 1, 2021

in short our rest api, list our company name and individual users and some project tasks to anyone who browses it, and i would ideally like that to not be the case. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events