Hi,
I'm using Jira server where we have a Tempo plugin, I wonder if it's possible to restrict the POST "option" via API.
I need to give someone access to read all our work logs...but if I'm doing it by API token, then that person will be able to write data....which we don't want.
Any other suggestions are welcome.
\Thanks/.
the API token for the Servlet (Server/DC only) will allow you do a query for all worklogs but you can´t use it to do a POST request to create a worklog. At least the POST request is limited to the users permissions and can only be consumed with basic authentication.
BR
Hi @Albert Manuel ,
I don't think you can do this dircetly with Tempo (there is no option to restrict API calls), however since you're on Jira Server you can manage this at the reverse proxy level : you will be able to restrict what IP address for example can reach a specific URL, like jira.company.com/rest/tempo-timesheets/ or even what methods are available (POST, GET, etc).
This would most likely be done by your network or system admin team.
Let em know if this helps,
--Alexis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.