OAuth Scopes and Endpoints
Required Scopes and Endpoint Domains for Jira
When integrating with Jira, your application needs specific permissions to interact with the API.These permissions are defined by access scopes, which determine what data your application can access and what actions it can perform.
This topic provides information about the required access scopes and endpoint domains for the Jira provider.
Understanding Scopes
Scopes are a way to limit an application's access to a user's data. They define the specific actions that an application can perform on behalf of the user.
For example, a read-only scope might allow an application to view data, while a full access scope might allow it to modify data.
Required Scopes for Jira
Scopes can be controlled using the Scope connection property.
Jira has two types of scopes: Classic and Granular. Jira recommends Classic scopes when available.
Scope | Type | Description |
read:jira-user | Classic | View user information in Jira that the user has access to, including usernames, email addresses, and avatars. Required for read and write access. |
read:jira-work | Classic | Read Jira project and issue data, search for issues and objects associated with issues like attachments and worklogs. Required for read and write access. |
write:jira-work | Classic | Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues. Required for write access. |
manage:jira-project | Classic | Create and edit project settings and create new project-level objects (for example, versions and components). Required for write access. |
manage:jira-configuration | Classic | Take Jira administration actions (for example, create projects and custom fields, view workflows, and manage issue link types). Required for write access. |
read:application-role:jira | Granular | View application roles. Required for read and write access. |
read:audit-log:jira | Granular | View audit logs. Required for read and write access. |
read:dashboard:jira | Granular | View dashboards. Required for read and write access. |
read:filter:jira | Granular | View filters. Required for read and write access. |
read:filter.column:jira | Granular | View filter columns. Required for read and write access. |
read:group:jira | Granular | View user groups. Required for read and write access. |
read:issue:jira | Granular | View issues. Required for read and write access. |
write:issue:jira | Granular | Create and update issues. Required for write access. |
delete:issue:jira | Granular | Delete issues. Required for write access. |
read:issue-meta:jira | Granular | View issue meta. Required for read and write access. |
read:attachment:jira | Granular | View issue attachments. Required for read and write access. |
write:attachment:jira | Granular | Create and update issue attachments. Required for write access. |
delete:attachment:jira | Granular | Delete issue attachments. Required for write access. |
read:comment:jira | Granular | View issue comments. Required for read and write access. |
write:comment:jira | Granular | Create and update issue comments. Required for write access. |
delete:comment:jira | Granular | Delete issue comments. Required for write access. |
read:comment.property:jira | Granular | View issue comment properties. Required for read and write access. |
write:comment.property:jira | Granular | Create and update issue comment properties. Required for write access. |
delete:comment.property:jira | Granular | Delete issue comment properties. Required for write access. |
read:field:jira | Granular | View fields. Required for read and write access. |
write:field:jira | Granular | Create and update fields. Required for write access. |
read:field.option:jira | Granular | View field options. Required for read and write access. |
read:field.options:jira | Granular | Read field options. Required for read and write access. |
read:custom-field-contextual-configuration:jira | Granular | Read custom field contextual configurations. Required for read and write access. |
write:custom-field-contextual-configuration:jira | Granular | Save custom field contextual configurations. Required for write access. |
read:field-configuration:jira | Granular | Read field configurations. Required for read and write access. |
write:field-configuration:jira | Granular | Save field configurations. Required for write access. |
read:issue-link:jira | Granular | View issue links. Required for read and write access. |
read:issue-link-type:jira | Granular | View issue link types. Required for read and write access. |
read:issue.property:jira | Granular | View issue properties. Required for read and write access. |
read:priority:jira | Granular | View priorities. Required for read and write access. |
read:resolution:jira | Granular | View resolutions. Required for read and write access. |
read:issue-details:jira | Granular | View issue details. Required for read and write access. |
read:issue-security-scheme:jira | Granular | View issue security schemes. Required for read and write access. |
read:issue-type:jira | Granular | View issue types. Required for read and write access. |
read:issue-type-scheme:jira | Granular | View issue type schemes. Required for read and write access. |
read:issue-type.property:jira | Granular | View issue type properties. Required for read and write access. |
read:issue.watcher:jira | Granular | View issue watchers. Required for read and write access. |
read:issue-worklog:jira | Granular | View issue worklogs. Required for read and write access. |
read:issue-field-values:jira | Granular | View issue field values. Required for read and write access. |
read:issue-security-level:jira | Granular | View issue security levels. Required for read and write access. |
read:issue-status:jira | Granular | View issue statuses. Required for read and write access. |
read:issue.changelog:jira | Granular | View issue changelogs. Required for read and write access. |
read:issue.transition:jira | Granular | View issue transitions. Required for read and write access. |
delete:issue-type:jira | Granular | Delete issue types. Required for write access. |
write:issue-type:jira | Granular | Create and update issue types. Required for write access. |
read:user:jira | Granular | View users. Required for read and write access. |
read:user.columns:jira | Granular | View user columns. Required for read and write access. |
read:project:jira | Granular | View projects. Required for read and write access. |
write:project:jira | Granular | Create and update projects. Required for write access. |
delete:project:jira | Granular | Delete projects and their details, such as issue types, project lead, and avatars. Required for write access. |
read:project-category:jira | Granular | View project categories. Required for read and write access. |
read:project.component:jira | Granular | View project components. Required for read and write access. |
write:project.component:jira | Granular | Create and update project components. Required for write access. |
delete:project.component:jira | Granular | Delete project components. Required for write access. |
read:project.property:jira | Granular | View project properties. Required for read and write access. |
write:project.property:jira | Granular | Create and update project properties. Required for write access. |
delete:project.property:jira | Granular | Delete project properties. Required for write access. |
read:project-role:jira | Granular | View project roles. Required for read and write access. |
write:project-role:jira | Granular | Create and update project roles. Required for write access. |
delete:project-role:jira | Granular | Delete project roles. Required for write access. |
read:project-version:jira | Granular | View project versions. Required for read and write access. |
write:project-version:jira | Granular | Create and update project versions. Required for write access. |
delete:project-version:jira | Granular | Delete project versions. Required for write access. |
read:issue.time-tracking:jira | Granular | View issue time tracking. Required for read and write access. |
write:issue.time-tracking:jira | Granular | Create and update issue time tracking. Required for write access. |
read:user.property:jira | Granular | View user properties. Required for read and write access. |
write:user.property:jira | Granular | Create and update user properties. Required for write access. |
delete:user.property:jira | Granular | Delete user properties. Required for write access. |
read:workflow:jira | Granular | View workflows. Required for read and write access. |
read:workflow-scheme:jira | Granular | View workflow schemes. Required for read and write access. |
read:status:jira | Granular | View statuses. Required for read and write access. |
read:workflow.property:jira | Granular | View workflow properties. Required for read and write access. |
read:project-type:jira | Granular | View project types. Required for read and write access. |
read:project.email:jira | Granular | View project emails. Required for read and write access. |
write:project.email:jira | Granular | Create and update project emails. Required for write access. |
read:role:jira | Granular | View roles. Required for read and write access. |
read:user-configuration:jira | Granular | View user configurations. Required for read and write access. |
write:user-configuration:jira | Granular | Create and update user configurations. Required for write access. |
delete:user-configuration:jira | Granular | Delete user configurations. Required for write access. |
read:jql:jira | Granular | View JQL. Required for read and write access. |
validate:jql:jira | Granular | Validate JQL. Required for read and write access. |
Understanding Endpoint Domains
Endpoint domains are the specific URLs that the application needs to communicate with in order to authenticate, retrieve records, and perform other essential operations.
Allowlisting these domains ensures that the network traffic between your application and the API is not blocked by firewalls or security settings.
Note: Most users do not need to make any special configurations. Allowlisting is typically only necessary for environments with strict security measures, such as restricted outbound network traffic.
Required Endpoint Domains for Jira
Domain | Always Required | Description |
<URL> | TRUE | The URL of your Jira instance. |
api.atlassian.com | FALSE | The base URL of the Jira API. Required when AuthScheme is set to OAuth. |
<SSOLoginURL> | FALSE | The URL of your SSO provider. Required when AuthScheme is set to OKTA or CROWD. |
<SSOExchangeURL> | FALSE | Your SSO Exchange URL. Required when AuthScheme is set to OKTA or CROWD. |