Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 21:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to i disable REST API calls on JIRA, or prevent our private data from being exposed?

James
James January 30, 2021

How to i limit REST API calls on JIRA, or prevent our private data from being exposed?


I've learned that I can't turn off the REST API all together as i would desire too, but how do i prevent our private information from being exposed? I've had developers and users reach out to our admin's b/c they can see our private info available in the REST API. 

i've spent way too much time mucking about in the admin trying to figure out how to manage this without any success. I see no mention of the API and/or how to manage how to suppress it via our user group settings. 

I would love to have some help, thanks in advance if someone can help us resolve this.

Answer
Watch
Like Be the first to like this
4747 views

2 answers

1 accepted

1 vote
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 30, 2021

Jira can not work without the REST API, so there's no way to turn it off.

But it does restpect the permissions that you set for the UI.  If someone can see an issue in the REST API, then they can see it in the UI as well.

What are you trying to secure that you think is leaking out over REST?

View More Comments
James
James February 1, 2021

in short our rest api, list our company name and individual users and some project tasks to anyone who browses it, and i would ideally like that to not be the case. 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 1, 2021

They can get the same from the UI too, you'd want to think about how to remove it from there as well.

Like
Reply
0 votes
James
James February 1, 2021

in short our rest api, list our company name and individual users and some project tasks to anyone who browses it, and i would ideally like that to not be the case. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events