REST API - Security Hardening

Atlassianist August 15, 2023


We are currently working on a Jira Service Management <-> ServiceNow integration. SNOW is running at our client. JSM runs in our colocation, in the Data Center version.

The requests are created in JSM from SNOW via REST, and after closing the JSM issue some fields have to be updated in SNOW ...

We use Basic Auth over HTTPS, which is pretty basic and I am not sure if it is still OK. 

My questions:

- Is the JIRA REST API really intended for such integrations, or only for systems within one's own infrastructure?

- Is Basic Auth over HTTPS still secure, or is it actually a "no go"?

- Is it somehow possible, or does it make sense, to lock the REST URL, e.g. via a reverse proxy?

Perhaps it would be possible to open the normal JIRA URL for everybody but limit access to the REST-specific path / URL to certain IP addresses ...

- What kind of hardening methods do you use for REST Access?

Thank you for your opinions. 

Best regards
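
The reverse-proxy restriction asked about above, sketched as an nginx configuration; this is an added example, not part of the original post and not an Atlassian-provided configuration. It assumes nginx terminates TLS in front of Jira and that the integration sends an `Authorization: Basic` header while browser sessions use cookies; `jira.example.com`, `203.0.113.10` (standing in for the ServiceNow egress address), `127.0.0.1:8080` and the certificate paths are constructed placeholders.

```nginx
# Added example with constructed placeholder values (not from the original post).
# 203.0.113.10 stands in for the ServiceNow egress address.
geo $snow_source {
    default       0;
    203.0.113.10  1;
}

# 1 when the request carries HTTP Basic credentials (what the integration sends).
map $http_authorization $uses_basic {
    default      0;
    "~*^Basic "  1;
}

# Reject only the combination "Basic credentials from a non-allowlisted address".
map "$uses_basic:$snow_source" $reject_rest {
    default  0;
    "1:0"    1;
}

server {
    listen 443 ssl;
    server_name jira.example.com;                      # placeholder
    ssl_certificate     /etc/nginx/tls/jira.crt;       # placeholder path
    ssl_certificate_key /etc/nginx/tls/jira.key;       # placeholder path

    # Jira's web UI also calls /rest/ from the browser, so the path is not
    # denied outright; cookie-based browser requests pass through unchanged.
    location /rest/ {
        if ($reject_rest) { return 403; }
        proxy_pass http://127.0.0.1:8080;              # placeholder backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else stays open to all users, as described in the question.
    location / {
        proxy_pass http://127.0.0.1:8080;              # placeholder backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The allowlist only holds if Jira is reachable solely through this proxy; `nginx -t` checks the syntax before a reload.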






0 answers
