Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

cloud.session.token to access internal api.

federico
federico December 23, 2022

Hello,

I know this is not supported official API, but I"ve seen a few post where Atlassian member recommending "using the internal api even if it might change".

Now, I would like to run some automation script, and I require getting JIRA issues related to a Pull Request.

I am using the following internal API.

https://bitbucket.org/!api/internal/repositories/{workspace}/{slug}/pullrequests/${pull_request_id}/jira/issues?page=1



Now, I use other internal API in my automation script, they all work using the `oauth` login, but this API in particular REQUIRE a `cloud.session.token` passed as cookie in the request.

I I do not pass the cookie, the API do not fail, but return empty issues. in the case I do add a `cloud.session.token`, then the API return issues.


I have no idea where I can retrieve this `cloud.session.token` without manually adding it, and it keep getting disabled after a few days so it's a huge pain.

My question are, why this API require a `cloud.session.token` to return valid result, while it does work even with the normal oauth token but the list of issues is always empty.
And How can I retrieve a `cloud.session.token` automatically so I don't have to update my script every few days. 

Thank you.
Answer
Watch
Like Be the first to like this
782 views

1 answer

0 votes
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 28, 2022

Hello @federico 

The simplified answer is... you can't. The Jira / Bitbcuket internal REST APIs are not supposed to be interacted with by the user, so the security domain is totally separate and you can't re-use their OAuth session tokens outside their lifespan nor generate them for yourself for your own purposes.

The fact that can 'hijack' some of the internal REST API calls to do some things some of the time does not mean you can use it to do all things all the time. That's what the user REST APIs are for.

View More Comments
federico
federico December 28, 2022

You are right about that yes.

The REST APIs are very incomplete for people using JIRA and BITBUCKET. All is supposedly connected together, yet those API do not provide any meaningful way to play with the fact that we use JIRA and BITBUCKET. 

There are countless thread about it but yet still gathering interest and beeing answered by please use internal API but we don't support it.

This is not a viable solution, but it is recommended so much that at some point I am wondering...

https://jira.atlassian.com/browse/JSWCLOUD-16901
https://jira.atlassian.com/browse/JSWSERVER-15768

https://community.atlassian.com/t5/Bitbucket-questions/Get-all-jira-ticket-on-merge-release/qaq-p/1303236#M51954
https://community.atlassian.com/t5/Jira-questions/API-get-branches-related-to-issue/qaq-p/1214220
https://community.atlassian.com/t5/Jira-questions/REST-API-for-issue-detail-no-longer-returns-the-associated/qaq-p/1304889


So yes, I should not do it, but there is no alternative and Atlassian team tell us to use it while not recommending it for so basic feature as "get jira issue from bitbucket PR" or "get PR from Jira Issue" 


So yes your answer is correct and simple. But then I am open to other suggestion than using this internal api 

Like Darryl Lee likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events