Enhance REST API Access using OAuth tokens plugin for Jira Cloud

How the plugin enhances workflow

• Improved Security – Our plugin ensures that valid, authenticated tokens are used, reducing the risk associated with direct token handling and minimizing exposure to potential security threats.
• Fine-Grained Access Control – Our plugin enhances security by allowing tokens from your IdP to access only specific APIs and methods within Jira. This fine-grained access control ensures that tokens are restricted to the necessary functions and data, reducing the risk of unauthorized access and ensuring that each token operates within its intended scope.
• Easy integration – Our plugin facilitates easy integration by providing curl documentation for scripting and automation. This design allows developers to quickly write and deploy scripts or applications that interact with Jira Cloud via our plugin, streamlining the process of incorporating our solution into your workflows.

Download And Installation

• Log into your Jira instance as an admin.
• Navigate to the settings menu and Click Manage Apps.
• Click on Find new apps .
• Locate Enhance REST API Access using OAuth tokens plugin plugin app.
• Click Try free to begin a new trial or buy now to purchase a license.
• Enter your information and click Generate license when redirected to MyAtlassian.
• Click Apply license.

1: Setup initial configurations

• To get started, in the Getting Started tab configure the admin email and token
Note: This token will only be used for license validation

2: Setup Client Credentials Grant

• Select the Client Credentials Grant tab.
• Configure the details mentioned



Provider Detail	Description
Provider Name	Identity Provider Name for your reference only; it doesn't affect functionality
Introspection Endpoint	IDPs introspection endpoint URL is used to verify if the token is active
Client Id	The unique ID issued by your IDP for authentication
Client Secret	The secret key issued by your IDP, used to authenticate requests

• Click on Save

3: Setup API Restriction

• Once you have saved the client credentials grant, you can set API Restriction - This ensures that the token from IDP can be used for specific methods and APIs only.

• In Allowed API Methods select the methods you want to permit when accessing APIs using the token.
• Similarly in Allowed API Endpoints you can enter specific endpoints that will be allowed access

[We recommend keeping both as concise and restricted as possible to minimize security risks]
If nothing is configured, the token can be used to access all API methods and APIs

Guide to integration

• Once everything is set up, you can proceed by following the method mentioned in the How to access tab.
• Here are some examples for your reference if you are planning to integrate it with some scripts – ClientCredentials Cloud Demo.ipynb
• You can simply use curls as mentioned below to access the APIs –
GET :
curl -X POST <access_endpoint_from_plugin> -H "apikey: <access_token_from_provider>" -d "{'options': {'method': 'GET','headers': {'Content-Type': 'application/json','Accept':'application/json'}},'url':'/rest/api/3/issue/<valid_issue_key>'}"
POST:
curl -X POST <access_endpoint_from_plugin> -H "apikey: <access_token_from_provider>" -d "{'options':{'method':'POST','headers':{'Content-Type':'application/json','Accept':'application/json'},'body':{'fields':{'project':{'id':'<valid_project_id>'},'summary':'CreateIssueviaPOST.','description':'CreatingofanissueviaaPOSTrequestusingtheAPIKeyManager','issuetype':{'id':'<valid_issue_type>'}}}},'url':'/rest/api/2/issue'}"
PUT :
curl -X POST <access_endpoint_from_plugin> -H "apikey: <access_token_from_provider>" -d "{'options':{'method':'PUT','headers':{'Content-Type':'application/json','Accept':'application/json '},'body':{ 'accountId': '<valid_user_account_id>' } },'url':'/rest/api/3/issue/<valid_issue_id>/assignee'}"
DELETE :
curl -X POST <access_endpoint_from_plugin> -H "apikey: <access_token_from_provider>" -d "{'options':{'method':'DELETE','headers':{'Content-Type':'application/json','Accept':'application/json'}},'url':'/rest/api/2/issue/<valid_issue_key>' }"

Troubleshooting

• If you encounter any errors while accessing the plugin, please refer to the error message in the table below to identify the cause.

	Error Message	Possible Causes	Solution
1	Unauthorized - Invalid Token	The token being used is not valid	Please try accessing with a new token
2	Unauthorized - Expired Token	The token being used has expired	Please try accessing with a new token
3	Unauthorized - Invalid / Expired Token	The token being used is either invalid or expired	Please try accessing with a new token
4	Unauthorized - API access is Restricted	The API or request method is restricted by the admin	Verify if the method and API endpoint are permitted in the API Restriction Tab [Admin section]
5	Invalid URL provided	The provided URL is invalid	Please check the request and ensure the URL is correct
6	Parameter Missing	Required parameters (e.g., API key, URL) are missing from the request	Ensure all required parameters are included and verify that parameter names are case-sensitive
7	Invalid / Expired License	The license for the plugin is either invalid or expired.	Verify that the license is active and valid
8	Invalid Configurations - Please configure the provider details in the Client Credentials Tab	Client credential details are not configured	Please enter the required details in the Client Credentials Tab
9	Request body is empty	The request body is missing or not found	Ensure the body is included in the correct JSON format and contains all required parameters

Recommended Add-Ons

Additional Resources

• Enhance API Security for Jira REST APIs with OAuth/API Token
• Enhance Confluence REST APIs Security with OAuth/API Token