How to restrict access to REST API to the administrator only?

Hello,

I discovered that all users have access to the REST API. I administer JIRA and I want to know how to restrict access to the REST API to a group of users only, or to forbid access to certain users. The reason is that I have users developing and using scripts based on the REST API (Python). I can't monitor what they do and what they execute. I think it's not safe to allow everybody to use the REST API interface as they want. The simplest solution would be to disable <API call> under <General Configuration>, but I have integrated JIRA with Crucible and Fisheye and I suppose that it may have an impact. Is anybody facing the same problem? Does anyone have suggestions or solutions?

Thanks in advance.

Didier

2 answers

1 accepted

Pedro,

Thank you for your quick answer. Nevertheless, the question is how to prevent users from having access to information via the REST API. Even if there is no harm, is there any solution? Moreover, I'm not alone in having this kind of question. Via the REST API every user has access to a lot of information that is not visible from the browser.
I think it's a problem, and I think that something should be done to separate the information accessibility from the browser and the REST API, or to restrict it to the administrator only. Some people propose filtering users' IPs as a solution, but it's not explained how. Maybe you have a workaround?

Didier.

1 votes
Pedro Cora Atlassian Team Dec 09, 2013

Didier,

Actually, even though all users can use the REST interface, the permission and security schemes of JIRA are still in place. If a user can't do an action through the web interface, then they won't be able to do such a task through REST. So I don't think you need to worry too much about users writing their own scripts. If they have the proper permissions set, they won't be able to do any harm.

Furthermore, disabling REST would cause major issues in JIRA, as many of the operations done by plugins are using it nowadays.

Cheers,
Pedro
