I’m working on connecting an external application to JIRA version 4.3 and need help with authentication options. I know that asking users for their login credentials directly isn’t a good approach. From what I’ve read, OAuth support only came in version 5, so that’s not available for my use case.
Can someone explain what authentication methods are supported in JIRA 4.3 for external integrations? I’m specifically trying to retrieve information using the REST API version 4.4.1. I don’t want to build a plugin or upgrade to REST v5, just need to fetch data from the existing JIRA instance.
What would be the recommended approach for this scenario? Any guidance would be appreciated.
JIRA 4.3 only supports basic auth, so you’ll have to send credentials in the Authorization header every time. Cache the credentials in your app to avoid bugging users constantly - store the encoded creds in your session or config and handle 401s by re-authenticating when needed. Make sure you’re validating SSL certs to prevent man-in-the-middle attacks. You’ll probably want retry logic with exponential backoff since JIRA 4.3 gets flaky with multiple concurrent calls. REST API 4.4.1 works fine with basic auth - just don’t forget to set your Content-Type header properly.
Having worked with JIRA 4.3, I can confirm that your authentication options are indeed limited to basic HTTP authentication. It’s important to minimize credential exposure, so I recommend setting up a dedicated service account with limited permissions for your external application. If your JIRA instance supports application passwords, utilizing them is a more secure alternative than using regular user passwords. As for the REST API 4.4.1, it’s compatible with basic auth. Additionally, it’s worth checking with your administrator if there are any custom authentication plugins that could provide greater flexibility.
With 4.3, you’re limited to basic auth only. Try asking your admin about trusted apps - sometimes they can whitelist IPs/apps to lessen auth issues. Also, make sure to use HTTPS since credentials are just base64 encoded, which ain’t super secure.
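
Added example, not code from any poster in this thread: a minimal Python client that applies the advice in the answers above (Basic credentials in the Authorization header, HTTPS only, certificate validation, exponential backoff on transient failures, 401 surfaced to the caller). The helper names `basic_auth_header`, `build_request` and `fetch`, the injectable `opener` and `sleep` parameters, and the retry defaults are assumptions made for illustration.

```python
import base64
import ssl
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(user, password):
    # Base64 is an encoding, not encryption: anyone who sees this header can decode it.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def build_request(url, user, password):
    # Refuse plaintext transport so the reversible header never travels over HTTP.
    if urlsplit(url).scheme != "https":
        raise ValueError("Basic auth credentials must only be sent over HTTPS")
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(user, password))
    req.add_header("Accept", "application/json")
    return req


def fetch(url, user, password, opener=None, retries=4, base_delay=0.5, sleep=time.sleep):
    if opener is None:
        ctx = ssl.create_default_context()  # verifies certificate chain and hostname
        opener = lambda req: urllib.request.urlopen(req, timeout=15, context=ctx)
    for attempt in range(retries):
        last = attempt == retries - 1
        try:
            with opener(build_request(url, user, password)) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code == 401:
                # Resending a rejected credential cannot succeed; let the caller re-prompt.
                raise PermissionError("JIRA rejected the credentials (401)") from err
            if err.code < 500 or last:
                raise  # other client errors are not transient
        except urllib.error.URLError as err:
            # A failed certificate check is a security signal, never a transient error.
            if isinstance(err.reason, ssl.SSLError) or last:
                raise
        sleep(base_delay * 2 ** attempt)  # 0.5s, 1s, 2s, ... between attempts
```

Pass a dedicated read-only service account to `fetch`, and keep its password out of source control.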