Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Tempo - How to restrict Write/POST via Rest API

Albert Manuel
Albert Manuel
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 20, 2021

Hi,

 

I'm using  Jira server where we have a Tempo plugin, I wonder if it's possible to restrict the POST "option" via API.

 

I need to give someone access to read all our work logs...but if I'm doing it by API token, then that person will be able to write data....which we don't want.

 

Any other suggestions are welcome.

 

\Thanks/.

Answer
Watch
Like Be the first to like this
430 views

2 answers

0 votes
Alexander Eck [Tempo]
Alexander Eck [Tempo]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 22, 2021

Hi @Albert Manuel

the API token for the Servlet (Server/DC only) will allow you do a query for all worklogs but you can´t use it to do a POST request to create a worklog. At least the POST request is limited to the users permissions and can only be consumed with basic authentication.

BR

Reply
0 votes
Alexis Robert
Alexis Robert
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 20, 2021

Hi @Albert Manuel , 

 

I don't think you can do this dircetly with Tempo (there is no option to restrict API calls), however since you're on Jira Server you can manage this at the reverse proxy level : you will be able to restrict what IP address for example can reach a specific URL, like jira.company.com/rest/tempo-timesheets/ or even what methods are available (POST, GET, etc).

 

This would most likely be done by your network or system admin team.

 

Let em know if this helps, 

 

--Alexis

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events