APIs & Integrations
Jira
Overview
Pre-built tooling
Pre-built integrations
Not seeing the integration you need? Build your own independently.
Access requirements
Pre-Requisites | Status | Comment |
---|---|---|
Paid dev account | ✅ Not required | Free, self-signup for an Atlassian developer account. |
Paid test account | ✅ Not required | Free Jira Cloud instance can be used for testing. |
Partnership | ✅ Not required | |
App review | ⚠️ Conditional | Required only if you want to list your app on the Atlassian Marketplace. |
Security audit | ✅ Not required |
Setup guide
1
Create an Atlassian developer account
If you don’t already have one, sign up for an Atlassian developer account.
2
Create a new OAuth 2.0 (3LO) app
- Go to the Atlassian Developer Console.
- Click Create and select OAuth 2.0 integration.
- Enter a name, agree to Atlassian’s developer terms by checking the agreement checkbox for your app and click Create.
- Your app will be created and you’ll be taken to the app management page.
3
Configure OAuth 2.0 (3LO)
- In the left sidebar, select Authorization.
- Next to OAuth 2.0 (3LO), click Add.
- Enter
https://api.nango.dev/oauth/callback
as the Callback URL. - Click Save to save your changes.
4
Add API permissions
- In the left sidebar, select Permissions.
- Find the Jira API and click Add, and then click Configure.
- Click Edit Scopes then select the scopes your application requires. Common scopes include:
read:jira-user
- Read user informationread:jira-work
- Read issues, projects, and workflowswrite:jira-work
- Create and update issuesdelete:jira-work
- Delete issuesmanage:jira-project
- Manage project settingsmanage:jira-configuration
- Manage Jira instance settingsoffline_access
- Get refresh tokens (required for long-term access)
- Click Save to save your changes.
5
Obtain your client credentials
- In the left sidebar, select Settings.
- Note your Client ID.
- Copy both the Client ID and Secret by clicking the copy buttons next to them, as you’ll need them when configuring your integration in Nango.
6
Make your app available to users (optional)
If you want to distribute your app to other users:
- In the left sidebar, select Distribution.
- In Distribution controls, click the Edit button, then select the Sharing radio button.
- Return to the Authorization page and copy the Authorization URL to share with your users.
Note: By default, your app is private and can only be used by you. Making it public allows other users to authorize your app.
7
Next
Follow the Quickstart.
Need help getting started? Get help in the community.
Useful links
Contribute useful links by editing this page
Common Scopes
Scope | Description |
---|---|
read:jira-user | Read user information |
read:jira-work | Read Jira work items (issues, projects, etc.) |
write:jira-work | Create and update Jira work items |
offline_access | Access to refresh tokens for offline access |
API gotchas
- Refreshing tokens require the
offline_access
scope when creating the integration on the Nango UI. - You will need to fetch your Cloud ID to be able to make API requests to the Jira API v3. You can do this with the proxy by calling:
You can then construct your URL as follows: https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/<endpoint>
- When you create an OAuth 2.0 (3LO) app, it’s private by default. Before using the integration, you must make your app public. If you want to make your app public, find the how-to here.
- Refresh tokens will expire after 365 days of non use and will expire by 90 days if the resource owner is inactive for 90 days. Make sure you call
nango.getConnection()
at least every 365 days to trigger a refresh. See reference here. - Nango also supports
BASIC
auth for REST APIs in Jira. To use this feature, provide youremail
as the username and yourapi_token
as the password. To generate anapi_token
, please refer to the Manage Atlassian API Tokens section - You will also need to supply your
subdomain
. When logged into your Atlassian account or Jira instance, look at the URL in your web browser. Thesubdomain
part before.atlassian.net
is your Jira subdomain. - The
state
parameter is required for security in the OAuth flow to prevent CSRF attacks. Nango handles this automatically. - Jira’s OAuth implementation uses rotating refresh tokens. Each time you refresh an access token, you’ll receive a new refresh token that invalidates the previous one.
- When making API calls, remember that the permissions of the user who authorized your app will limit what your app can do, regardless of the scopes you’ve requested.
- The Jira REST API has different versions (v2 and v3). Make sure you’re using the correct version for your needs.
Contribute API gotchas by editing this page
Connect to jira-basic
Guide to connect to jira-basic using Nango Connect.