I have a ScriptRunner script based REST endpoint that needs to call the REST API of another Jira plugin. Is there a way to authenticate this nested call? Is it automatically handled? I am using ScriptRunner for Jira server. It seems that ScriptRunner for Jira Cloud does this automatically using some sort of proxy functionality (at least that is how I read the docs).
I recently answered a question about this here:
This is how you would make an authorised call to any rest API.
If you found this useful, please upvote and accept the answer :D
Thanks for your reply. Actually I was hoping that there is a smart way that avoids storing the username and a password in the script. The cloud version of ScriptRunner does this somehow by routing requests through some proxy which then adds necessary information to the header - I guess that is how it works. I am wondering why they did not add this feature to the server version.
Thanks for your hint!
Confirmed. We would like to query the Tempo Timesheets Rest API from ScriptRunner. The user accessing the Tempo API is always the same as the one calling the ScriptRunner script. Would be great if you would find a solution.
Perhaps it is possible to use an Oauth url like in gadgets for Jira?
Thanks a lot
Were you ever able to find a way of doing this? I'm trying to do something similar. I would like to write a Jira workflow post-function Groovy script that needs to call a REST API provided by an add-on on the same Jira server, and would like to avoid hard-coding a username and password in my code. Thank you.
The only "easy" way I found to do this, was by adding this information to a file, or issue that only a very limited userbase has access to. In all honesty, I'm a bit ashamed of even suggesting that, which is why I didn't reply in this thread to begin with.
I've asked my seniors and I hope they can provide a better answer.
Do ping me here again if I don't respond, the community doesn't do a very good job at sending me important emails when people reply to my threads and I end up with 200 notifications from threads that I haven't answered to.
Okay let me expand on this:
Some APIs might let you connect with a token, or something of that like. For example, not long ago I worked on a built-in script to integrate with Trello for something personal. In this case we only needed to store an app-token and use it in our post request within the body of the param.
Thing is, many apps deal with auth in a very very different way, accommodating for all of them would be very time consuming, and we have not found a sensible solution to this whole "storing password and keys" problem. We assume that the ones writing and viewing scripts are admins, and they themselves have access to these tokens.
What I can suggest, is that you open a request for a feature in our customer portal so that you can actually get an official response from our development team.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG