How to restrict access to REST API to the administrator only?

Hello,

I discovered that all users have access to the REST API. I administrate JIRA and I want to know how to restrict access to the REST API to a group of users only, or to forbid access for certain users. The reason is that I have users developing and using scripts based on the REST API (Python). I can't monitor what they do and what they execute. I think it's not safe to allow everybody to use the REST API interface as they want. The simplest solution would be to disable <API call> under <General Configuration>, but I have integrated JIRA with Crucible and Fisheye and I suppose that it may have an impact. Is somebody facing the same problem? Does anyone have suggestions or solutions?

Thanks in advance.

Didier

2 answers

1 accepted

Accepted Answer
0 votes

Pedro,

Thank you for your quick answer. Nevertheless, the question is how to prevent users from having access to information via the REST API. Even if there is no harm, is there any solution? Moreover, I'm not alone in having these kinds of questions. Via the REST API every user has access to a lot of information that is not visible from the browser.
I think it's a problem and I think that something should be done to separate information accessibility from the browser and from the REST API, or to restrict it to administrators only. Some people propose filtering users' IPs as a solution, but it's not explained how. Maybe you have a workaround?

Didier.

1 vote
Pedro Cora Atlassian Team Dec 09, 2013

Didier,

Actually, even though all users can use the REST interface, the permission and security schemes of JIRA are still in place. If a user can't do an action through the web interface, then they won't be able to do such a task through REST. So I don't think you need to worry too much about users writing their own scripts. If they have the proper permissions set, they won't be able to do any harm.

Furthermore, disabling REST would cause major issues in JIRA, as many of the operations done by plugins are using it nowadays.

Cheers,
Pedro
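
The question's concern about not being able to monitor what user scripts do over REST can be addressed from the web server access log. The following is an added example, not part of the original thread and not Atlassian code: it summarizes scripted `/rest/` calls per user and lists users whose scripts were repeatedly refused. The log layout in the regex, the list of script user agents and the sample lines are assumptions constructed for illustration; adapt the regex to your own access-log pattern.

```python
import re
from collections import Counter

# Assumed access-log layout (not taken from the thread):
# ip request-id username [time] "METHOD path PROTO" status bytes ms "referer" "user-agent" "session"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
# Assumed list of client libraries that indicate a script rather than a browser.
SCRIPT_AGENTS = re.compile(r'python-requests|python-urllib|curl|wget|java/', re.I)

# Constructed sample lines; users, paths and addresses are made up.
SAMPLE = [
    '10.0.0.5 601x11x1 alice [09/Dec/2013:10:01:00 +0100] "GET /rest/api/2/search?jql=project=ABC HTTP/1.1" 200 5120 85 "-" "python-requests/2.0.1" "s1"',
    '10.0.0.5 601x12x1 alice [09/Dec/2013:10:01:02 +0100] "GET /rest/api/2/issue/SEC-1 HTTP/1.1" 403 120 12 "-" "python-requests/2.0.1" "s1"',
    '10.0.0.5 601x13x1 alice [09/Dec/2013:10:01:03 +0100] "GET /rest/api/2/issue/SEC-2 HTTP/1.1" 403 120 11 "-" "python-requests/2.0.1" "s1"',
    '10.0.0.9 602x14x1 bob [09/Dec/2013:10:02:00 +0100] "GET /rest/api/2/issue/ABC-7 HTTP/1.1" 200 900 20 "http://jira.example/browse/ABC-7" "Mozilla/5.0" "s2"',
    '10.0.0.9 602x15x1 bob [09/Dec/2013:10:02:05 +0100] "GET /secure/Dashboard.jspa HTTP/1.1" 200 7000 90 "-" "Mozilla/5.0" "s2"',
    '10.0.0.7 603x16x1 carol [09/Dec/2013:10:03:00 +0100] "POST /rest/api/2/issue HTTP/1.1" 201 300 40 "-" "curl/7.30.0" "s3"',
]

def summarize_rest_usage(lines):
    """Return {user: Counter{(method, status): count}} for scripted /rest/ calls."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "/rest/" not in m["path"]:
            continue  # unparsable line or ordinary page request
        if not SCRIPT_AGENTS.search(m["agent"]):
            continue  # the web UI also calls /rest/, so browser agents are skipped
        key = (m["method"], int(m["status"]))
        report.setdefault(m["user"], Counter())[key] += 1
    return report

def denied_users(report, threshold=2):
    """Users whose scripts received 401/403 at least `threshold` times."""
    return sorted(
        user for user, calls in report.items()
        if sum(n for (_, status), n in calls.items() if status in (401, 403)) >= threshold
    )

if __name__ == "__main__":
    usage = summarize_rest_usage(SAMPLE)
    for user, calls in sorted(usage.items()):
        print(user, dict(calls))
    print("repeatedly denied:", denied_users(usage))
```

The user agent header is set by the client and can be changed, so treat the browser/script split as a first-pass filter rather than a control.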
