Because of a known issue, Jira Data Center 8.6.0 and 8.6.1 apply rate limiting to integrations with Atlassian cloud products. Until we release an official fix, you can use this workaround to allowlist your product’s OAuth consumer key, and remove any rate limits for it.

はじめる前に

You can retrieve your product’s OAuth consumer key from the Jira log file. To get it written there, a request coming from your product will need to be limited. The quickest way to do this is to set rate limiting to Block all requests and wait for a request being limited. You can also block requests for one user and then use it to make an incoming request.

Allowlisting OAuth consumer keys

Find the consumer key

1. Set the logging level for com.atlassian.ratelimiting.internal to TRACE. For more info, see Logging and profiling.

2. Send a request from the integrated application so it gets limited.

3. Open the Jira log file, and search for DefaultRateLimitUIRequestHandler.

4. You’re interested in the Authorization header, which looks similar to this example:

   "Authorization: OAuth oauth_token=\"\", oauth_consumer_key=\"FishEye%3A9639366062\", oauth_signature_method=\"RSA-SHA1\", oauth_timestamp=\"1574434622\", oauth_nonce=\"6073902753180203\", oauth_version=\"1.0\", oauth_signature=\"o1QQ%2FIx2Ople7wGtQVSlqVrfKkoJiQ%2FmgH2JvUvTvqR6kivgf7RtBGZDaFS1b6eHrrFHGyOCuAxOLhaa2PZriiI%2BTIDCbg%2FHUH6aaYg5CJ0D%2F%2BPS7iHAWG4lc35TBK4IDE07HZtoVpCM3kYId1HPhdVAmY8NiKqQfavDM5ktixo%3D\""

The consumer key is printed in oauth_consumer_key, and it should have the following pattern: <application>:<key>.

Allowlist the consumer key

1. Go to Administration > System > General configuration > Advanced settings.

2. Add the consumer key to the com.atlassian.ratelimiting-whitelisted-oauth-consumers option. If you have multiple consumer keys, add them as a comma-separated list, and watch out for overwriting your previous keys.

It takes up to 1 minute to apply the new settings. Once that’s done, the traffic coming from/to the integrated application will no longer be limited.