Suggestion
Resolution: Won't Fix
Currently the Jira Cloud REST API has 31 endpoints that allow Anonymous users to extract data from an instance:
Friendly name | Endpoint | Quicklink |
---|---|---|
Get system avatars by type | GET /rest/api/2/avatar/{type}/system | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-auditing-record-get |
Get avatars | GET /rest/api/2/universal_avatar/type/{type}/owner/{entityId} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-universal-avatar-type-type-owner-entityId-get |
Get all dashboards | GET /rest/api/2/dashboard | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-universal-avatar-type-type-owner-owningObjectId-avatar-id-delete |
Create dashboard | POST /rest/api/2/dashboard | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-dashboard-post |
Get dashboard | GET /rest/api/2/dashboard/{id} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-dashboard-id-get |
Get Jira attachment settings | GET /rest/api/2/attachment/meta | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-attachment-meta-get |
Get fields | GET /rest/api/2/field | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-field-get |
Get custom field option | GET /rest/api/2/customFieldOption/{id} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-customField-fieldId-option-post |
Get issue picker suggestions | GET /rest/api/2/issue/picker | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-issue-picker-get |
Get issue security level | GET /rest/api/2/securitylevel/{id} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-securitylevel-id-get |
Get alternative issue types | GET /rest/api/2/issuetype/{id}/alternatives | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-issuetype-id-alternatives-get |
Analyse Jira expression | POST /rest/api/2/expression/analyse | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-expression-analyse-post |
Evaluate Jira expression | POST /rest/api/2/expression/eval | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-expression-eval-post |
Get global settings | GET /rest/api/2/configuration | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-configuration-get |
Get field reference data | GET /rest/api/2/jql/autocompletedata | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-group-JQL |
Get field auto complete suggestions | GET /rest/api/2/jql/autocompletedata/suggestions | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-jql-autocompletedata-get |
Parse JQL query | POST /rest/api/2/jql/parse | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-jql-autocompletedata-suggestions-get |
Get locale | GET /rest/api/2/mypreferences/locale | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-mypreferences-locale-get |
Get my permissions | GET /rest/api/2/mypermissions | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-mypermissions-get |
Get bulk permissions | POST /rest/api/2/permissions/check | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-permissions-check-post |
Get permitted projects | POST /rest/api/2/permissions/project | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-permissions-project-post |
Get component issues count | GET /rest/api/2/component/{id}/relatedIssueCounts | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-component-id-relatedIssueCounts-get |
Validate project key | GET /rest/api/2/projectvalidate/key | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-projectvalidate-key-get |
Get valid project key | GET /rest/api/2/projectvalidate/validProjectKey | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-projectvalidate-validProjectKey-get |
Get valid project name | GET /rest/api/2/projectvalidate/validProjectName | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-projectvalidate-validProjectName-get |
Get all project types | GET /rest/api/2/project/type | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-project-type-get |
Get project type by key | GET /rest/api/2/project/type/{projectTypeKey} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-project-type-projectTypeKey-get |
Get Jira instance info | GET /rest/api/2/serverInfo | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-serverInfo-get |
Find users assignable to projects | GET /rest/api/2/user/assignable/multiProjectSearch | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-user-assignable-multiProjectSearch-get |
Get all statuses | GET /rest/api/2/status | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-status-get |
Get status | GET /rest/api/2/status/{idOrName} | https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-status-idOrName-get |
These endpoints refer to V2 of the API, but the matching V3 endpoints also have the same open permissions.
I would like to suggest that admins be given the ability to require that all REST API access be authenticated with the instance to prevent anonymous data mining. This could be done as a global setting. This would allow admins to disable it if it interferes with any apps.