Security
User credentials | Our solution does not require to provide any remote user credentials. All changes are made on behalf of (local) Technical User account. Changes are made via JIRA REST API and JIRA JAVA API but those calls are internal (within the same server). | |
Data exposition | You don't expose any additional information except defined in your Contract. | |
Communication control | You can stop communication at any time and no data will be read/write to your JIRA (see status of Contract, invalidating Connection configuration or disabling some triggers on your Contract). | |
API access | Communication between JIRAs is only via plugins API (no direct access to JIRA REST API methods). | |
Authentication | Authentication is made by the token provided in Connection's configuration. | |
SSL | SSL is recommended and supported. Check how to deal with SSL. | |
Verification | Incoming network communication must match Connection's URL provided by JIRA administrator. | |
Firewall | If one of JIRA cannot be exposed over network use Push & Pull Communication Model. (Behind Firewall scenario in Use Cases). Communication is bidirectional even when one JIRA is behind firewall. In that case 'Active' JIRA (one that can see the public JIRA) do push and pull. Our solution (Server-Server) does not use any intermediate server (like SMTP) to send-receive data. Because of that we do not support scenarios where both JIRAs are behind firewall. |