Jira Software integration security
Atlassian Cloud Connections
TeamRetro utilizes Oauth2 authorization to integrate with Jira Software (Cloud) instances. The integration requires five access scopes:
| Scope | Required for: |
| read:jira-work | Read project list and issue metadata during configuration of the integration. |
| write:jira-work | Write action items to Jira. |
| read:jira-user | Enable Jira / TeamRetro users to be matched for action item assignments. |
| offline_access | Post action items to Jira without requiring re-authentication each time. |
| manage:jira-configuration | Access priority search API to align TeamRetro and Jira priority values. |
Further information on these access scopes can be found at https://developer.atlassian.com/cloud/jira/platform/scopes/
Application Link Connections
For Jira Software (Data Center) edition we support Oauth authentication via Application Links.
| Scope | Required for: |
| WRITE | Write action items to Jira (read for project list and issue metadata is implicit). |
Basic Authentication Connections
Not Recommended. For Jira Software (Data Center) and Jira Software (Server) editions we support basic authentication via Jira username/password. As we need to send these across with the API they are stored encrypted but not hashed - so we do recommend creating a separate Jira user for TeamRetro if using this integration method.
Request Origination
Calls to Jira Server / Jira Cloud will originate from our servers in AWS and are proxied via fixed IP addresses:
- US Environment - 44.207.115.152
- EU Environment - 3.74.131.45
Jira APIs Used
In order to send action items through to Jira, we retrieve a list of projects, issue types and field definitions for the selected issue types to allow the administrator to select the target issue location in Jira, populate required values, and select default values.
| Purpose | Data Center & Server editions | Cloud edition |
| Get authorized user info, test connectivity | /rest/api/2/myself (GET) | /rest/api/3/myself (GET) |
| List projects | /rest/api/2/project (GET) | /rest/api/3/project/search (GET) |
| Retrieve project details | /rest/api/2/project/... (GET) | /rest/api/3/project/... (GET) |
| Retrieve issue types for selected project | /rest/api/2/issue/createmeta/.../issuetypes (GET) | /rest/api/3/project/...?expand=issueTypes (GET) |
| Retrieve field definitions for issue type | /rest/api/2/issue/createmeta/.../issuetypes/... (GET) | /rest/api/3/issue/createmeta (GET) |
| Retrieve components for custom fields | /rest/api/2/project/.../components (GET) | /rest/api/3/project/.../components (GET) |
| Retrieve users for custom fields | /rest/api/2/user/picker (GET) | /rest/api/3/user/picker (GET) |
| Search for assigned user & confirm they are valid for assignment | /rest/api/2/user/search (GET) /rest/api/2/user/assignable/search (GET) |
/rest/api/3/user/assignable/search (GET) |
| Retrieve priority options | /rest/api/2/priority (GET) | /rest/api/3/priority (GET) /rest/api/priority/search (GET) |
| Publish a Jira Issue | /rest/api/2/issue (POST) | /rest/api/3/issue (POST) |
| Delete a published Jira Issue | /rest/api/2/issue/... (DELETE) | /rest/api/3/issue/... (DELETE) |
| Search for published Jira Issue (used if two-way synchronization is enabled) | /rest/api/2/search (POST) |
/rest/api/3/search/jql (POST) |
We do not read any other issues / data.