Authenticate call of Jira REST API in ScriptRunner based REST endpoint (Jira Server)

Hi, 

I have a ScriptRunner script based REST endpoint that needs to call the REST API of another Jira plugin. Is there a way to authenticate this nested call? Is it automatically handled? I am using ScriptRunner for Jira server. It seems that ScriptRunner for Jira Cloud does this automatically using some sort of proxy functionality (at least that is how I read the docs).

Thanks

Tuelle  

2 answers

This widget could not be displayed.

Hi Tuelle

I recently answered a question about this here:

https://community.atlassian.com/t5/Marketplace-Apps-questions/Make-a-GET-request-to-REST-API-and-Handle-JSON-in-behavior/qaq-p/603521

This is how you would make an authorised call to any rest API.

If you found this useful, please upvote and accept the answer :D

Cheers

Dyelamos

Hi Dyelamos,

Thanks for your reply. Actually I was hoping that there is a smart way that avoids storing the username and a password in the script. The cloud version of ScriptRunner does this somehow by routing requests through some proxy which then adds necessary information to the header - I guess that is how it works. I am wondering why they did not add this feature to the server version.

Thanks for your hint!

Tuelle

Hello Tuelle.

Actually, you make a fair point.

If I understood correctly, the plugin is using the same user base as JIRA itself yes?

If so, please confirm, and I'll give it a think. Will try to find a way of doing this.

Cheers

Dyelamos

Confirmed. We would like to query the Tempo Timesheets Rest API from ScriptRunner. The user accessing the Tempo API is always the same as the one calling the ScriptRunner script. Would be great if you would find a solution.

Perhaps it is possible to use an Oauth url like in gadgets for Jira?

Thanks a lot

Tuelle

Hello Daniel,

Were you ever able to find a way of doing this?  I'm trying to do something similar.  I would like to write a Jira workflow post-function Groovy script that needs to call a REST API provided by an add-on on the same Jira server, and would like to avoid hard-coding a username and password in my code.  Thank you.

Paul

Hi Paul. 

The only "easy" way I found to do this, was by adding this information to a file, or issue that only a very limited userbase has access to. In all honesty, I'm a bit ashamed of even suggesting that, which is why I didn't reply in this thread to begin with. 

I've asked my seniors and I hope they can provide a better answer.

Do ping me here again if I don't respond, the community doesn't do a very good job at sending me important emails when people reply to my threads and I end up with 200 notifications from threads that I haven't answered to.

Cheers!

Dyelamos

Hi Daniel,

I just want to ask if you discussed this issue with your team and if there will be a solution soon. 

Thanks for your support

Tuelle

Hi Tuelle. 

Afaik, no, there isn't. 

Refer to my other answer within this thread I've kind of expanded this.

Sorry!

Dyelamos

This widget could not be displayed.

Okay let me expand on this:

Some APIs might let you connect with a token, or something of that like. For example, not long ago I worked on a built-in script to integrate with Trello for something personal. In this case we only needed to store an app-token and use it in our post request within the body of the param. 

Thing is, many apps deal with auth in a very very different way, accommodating for all of them would be very time consuming, and we have not found a sensible solution to this whole "storing password and keys" problem. We assume that the ones writing and viewing scripts are admins, and they themselves have access to these tokens. 

What I can suggest, is that you open a request for a feature in our customer portal so that you can actually get an official response from our development team.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 22, 2018 in Marketplace Apps

How a Marketplace app tech team is achieving gender diversity

Hello! My name is Genevieve Blanch, and I'm the Marketing Manager at RefinedWiki, creators of apps to give teams the tools to customize Atlassian platforms. Currently, 44% of the tech team at Re...

523 views 3 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you