Jira
Overview
Pre-built tooling
Pre-built integrations
Access requirements
Pre-Requisites | Status | Comment |
---|---|---|
Paid dev account | ✅ Not required | Free, self-signup for an Atlassian developer account. |
Paid test account | ✅ Not required | Free Jira Cloud instance can be used for testing. |
Partnership | ✅ Not required | |
App review | ⚠️ Conditional | Required only if you want to list your app on the Atlassian Marketplace. |
Security audit | ✅ Not required |
Setup guide
Create an Atlassian developer account
If you don’t already have one, sign up for an Atlassian developer account.
Create a new OAuth 2.0 (3LO) app
- Go to the Atlassian Developer Console.
- Click Create and select OAuth 2.0 integration.
- Enter a name, agree to Atlassian’s developer terms by checking the agreement checkbox for your app and click Create.
- Your app will be created and you’ll be taken to the app management page.
Configure OAuth 2.0 (3LO)
- In the left sidebar, select Authorization.
- Next to OAuth 2.0 (3LO), click Add.
- Enter
https://api.nango.dev/oauth/callback
as the Callback URL. - Click Save to save your changes.
Add API permissions
- In the left sidebar, select Permissions.
- Find the Jira API and click Add, and then click Configure.
- Click Edit Scopes then select the scopes your application requires. Common scopes include:
read:jira-user
- Read user informationread:jira-work
- Read issues, projects, and workflowswrite:jira-work
- Create and update issuesdelete:jira-work
- Delete issuesmanage:jira-project
- Manage project settingsmanage:jira-configuration
- Manage Jira instance settingsoffline_access
- Get refresh tokens (required for long-term access)
- Click Save to save your changes.
Obtain your client credentials
- In the left sidebar, select Settings.
- Note your Client ID.
- Copy both the Client ID and Secret by clicking the copy buttons next to them, as you’ll need them when configuring your integration in Nango.
Make your app available to users (optional)
If you want to distribute your app to other users:
- In the left sidebar, select Distribution.
- In Distribution controls, click the Edit button, then select the Sharing radio button.
- Return to the Authorization page and copy the Authorization URL to share with your users.
Note: By default, your app is private and can only be used by you. Making it public allows other users to authorize your app.
Next
Follow the Quickstart.
Useful links
Common Scopes
Scope | Description |
---|---|
read:jira-user | Read user information |
read:jira-work | Read Jira work items (issues, projects, etc.) |
write:jira-work | Create and update Jira work items |
offline_access | Access to refresh tokens for offline access |
API gotchas
- Refreshing tokens require the
offline_access
scope when creating the integration on the Nango UI. - When connecting to Jira, you have two options for specifying which Jira site to connect to:
- Provide a
baseUrl
during connection creation (recommended) - Let Nango auto-select the first available site (legacy behavior): If no baseUrl is specified, Nango will use the first site from the accessible resources api.
- Provide a
-
A single Jira OAuth token can be valid for multiple Atlassian sites. For example, the same token might grant access to both “nango-hq.atlassian.net” and “nango-test.atlassian.net”. This is why specifying the
baseUrl
during connection creation is important if you need to connect to a specific site. -
The connection process works as follows:
- Nango fetches all accessible sites for the OAuth token
- If you specified a
domain
, Nango finds the matching site and sets itscloudId
- If no
domain
is specified, Nango uses the first available site - The selected site’s
cloudId
anddomain
are stored in the connection configuration
-
The
cloudId
is required for making API requests to the Jira API v3. Nango handles this automatically by matching it to your specifiedbaseUrl
or selecting the first available site. Your API URLs will be constructed as:https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/<endpoint>
You can then construct your URL as follows: https://api.atlassian.com/ex/jira/${cloudId}/rest/api/3/<endpoint>
- When you create an OAuth 2.0 (3LO) app, it’s private by default. Before using the integration, you must make your app public. If you want to make your app public, find the how-to here.
- Refresh tokens will expire after 365 days of non use and will expire by 90 days if the resource owner is inactive for 90 days. Make sure you call
nango.getConnection()
at least every 365 days to trigger a refresh. See reference here. - Nango also supports
BASIC
auth for REST APIs in Jira. To use this feature, provide youremail
as the username and yourapi_token
as the password. To generate anapi_token
, please refer to the Manage Atlassian API Tokens section - The
state
parameter is required for security in the OAuth flow to prevent CSRF attacks. Nango handles this automatically. - Jira’s OAuth implementation uses rotating refresh tokens. Each time you refresh an access token, you’ll receive a new refresh token that invalidates the previous one.
- When making API calls, remember that the permissions of the user who authorized your app will limit what your app can do, regardless of the scopes you’ve requested.
- The Jira REST API has different versions (v2 and v3). Make sure you’re using the correct version for your needs.
Connect to jira-basic
Guide to connect to jira-basic using Nango Connect.