We have been running into issues with Jira and Confluence due to the rate limiting from Atlassian. We attempted to follow the instructions provided by Glean to create the app, but ran into an issue at Step 11 and the app would not install. We were instructed by Glean support to raise a ticket with Atlassian and received the response below stating that the process outlined by Glean goes against Atlassian's ToS.
My questions is, has any one else run into this issue and successfully carried out the install o the forge app? What are we doing wrong?
Atlassian Response:
I did another review of this request, the provided documentation, and the reasons why the Glean team carried it out this way.
Your request is not supported by Atlassian for the following reasons:
Atlassian Policy
Our policies and security requirements are designed to protect and safeguard our customers and our platform. For that reason, we regularly monitor integration practices for potential risks and provide guidance to our developer community to help keep our platform secure.
Recently, we’ve observed some developers instructing customers to integrate with Atlassian products in ways that violate our policies. Specifically:
- Instructing customers to generate and share API tokens, which are then stored by third-party services to make API calls.
- Asking customers to create individual OAuth 2.0 (3LO) apps for each Atlassian tenant, rather than using a single, centralized app.
These practices go against our Acceptable Use Policy, which forbids misrepresenting the source of API traffic. Storing API tokens also violates our security requirements for cloud apps, which prohibit third-party apps from storing user credentials.
When apps collect personal API tokens or use per-customer 3LO apps, it makes it difficult to trace the true origin of API requests. This makes it harder for Atlassian to manage abuse, protect our customers, and safeguard our platform. Apps that don’t comply with these standards may lose access to our platform in the future.
