Remove user_id and user_key query parameters from webhooks when opted in by apps

Description

As part of GDPR compliance, we are changing how apps access users' personal data.
Currently webhooks always include two query parameters `user_key` and `user_id` (username). After implementation of this change this parameters will be removed.

Please note this change will take effect after the deprecation period so all apps are expected to migrate to use atlassian id instead of user info.

Environment

None

Activity

Show:
Marcin Kokoszka
September 5, 2019, 12:23 PM

Thank you for information Einar.

Einar Pehrson
April 2, 2019, 10:26 AM

, no, we will not. To identify events for actions performed by your own app, inspect the JWT sub claim to see if the account ID is that of your app user.

To identify events for actions performed by other apps, you will need to inspect the webhook payload for a User object with an account type.

Marcin Kokoszka
April 2, 2019, 8:12 AM

Will you provide account type and/or account id in parameters?
Ideal solution is a boolean indicating "Your add-on user made a change that triggered this event -> webhook"

Ivan Ryabov
March 14, 2019, 2:07 AM
Edited

Jira webhooks are currently still being sent with the `user_id` and `user_key` query parameters even for apps that have opted in to the new API behaviour. We are working to fix this soon. Please note that for apps that have already opted in, these changes will be technically non backward compatible which is why we plan to roll them out in a progressive manner.

Marcin Kokoszka
March 13, 2019, 10:02 AM

I think this ticket should be linked with https://ecosystem.atlassian.net/browse/ACJIRA-1674

Fixed

Assignee

Ivan Ryabov

Reporter

Dugald Morrow