OAuth Scopes and Endpoints
Required Scopes and Endpoint Domains for Jira Assets
When integrating with Jira Assets, your application needs specific permissions to interact with the API.These permissions are defined by access scopes, which determine what data your application can access and what actions it can perform.
This topic provides information about the required access scopes and endpoint domains for the Jira Assets server.
Understanding Scopes
Scopes are a way to limit an application's access to a user's data. They define the specific actions that an application can perform on behalf of the user.
For example, a read-only scope might allow an application to view data, while a full access scope might allow it to modify data.
Required Scopes for Jira Assets
Scopes can be controlled using the Scope connection property.
Jira Assets Cloud has two types of scopes: Classic and Granular.
| Scope | Type | Description |
| import:import-configuration:cmdb | Granular | Allow to read and update import structure and import data into Assets. |
| read:cmdb-object:jira | Granular | Read Assets objects, their attributes values and details. |
| write:cmdb-object:jira | Granular | Create or update Assets objects, their attributes values and details. |
| delete:cmdb-object:jira | Granular | Allow the app to delete Objects from Assets. |
| read:cmdb-schema:jira | Granular | Get list of or details of individual schemas in Assets. |
| write:cmdb-schema:jira | Granular | Create new schemas or update details of existing schemas in Assets. |
| delete:cmdb-schema:jira | Granular | Delete Assets schemas. |
| read:cmdb-type:jira | Granular | Read Assets object types and their attributes. |
| write:cmdb-type:jira | Granular | Create or update Assets object types and their attributes. |
| delete:cmdb-type:jira | Granular | Delete Assets object types. |
| read:cmdb-attribute:jira | Granular | Get list of all Assets object type attributes for a schema or an object type. |
| write:cmdb-attribute:jira | Granular | Create or update Assets object type attributes. |
| delete:cmdb-attribute:jira | Granular | Delete Assets object type attributes. |
| read:cmdb-icon:jira | Granular | Get an Assets icon details or list of globally defined icons. |
| read:cmdb-config:jira | Granular | Read Assets configuration. |
| write:cmdb-config:jira | Granular | Create or update Assets configuration. |
| delete:cmdb-config:jira | Granular | Delete Assets configuration. |
| read:servicedesk-request | Classic | Read customer request data, including approvals, attachments, comments, request participants, and status/transitions. Read service desk and request types, including searching for request types and reading request type fields, properties and groups. |
Understanding Endpoint Domains
Endpoint domains are the specific URLs that the application needs to communicate with in order to authenticate, retrieve records, and perform other essential operations.
Allowlisting these domains ensures that the network traffic between your application and the API is not blocked by firewalls or security settings.
Note: Most users do not need to make any special configurations. Allowlisting is typically only necessary for environments with strict security measures, such as restricted outbound network traffic.
Required Endpoint Domains for Jira Assets
| Domain | Always Required | Description |
| <URL> | TRUE | The URL of your Jira Assets instance. |
| api.atlassian.com | TRUE | The base URL of the Jira Assets API. |