Are you ready for the GDPR API deprecation?

Reading Time: 2 minutes

We've recently introduced a new mechanism in Atlassian Connect that allows developers to opt-in to new APIs before the deprecation period ends on the outgoing APIs. This allows developers to test their apps and then signal that their apps are ready for the end of the deprecation period. By adding the apiMigrations field to your app-descriptor you can then subscribe to the active migrations that are currently available.

GDPR API Migration

Currently, the only active migration is the GDPR migration to improve user privacy. The deprecation period for this migration ends on 29 April 2019.

Proper procedure in updating your app

Step 1 – Signal your intent to migrate

Before doing any work you should update and publish an update to your app descriptor to your Marketplace listing by setting the apiMigrations.gdpr property to false.

    "key": "my-app",
    "name": "My App",
    "apiMigrations": {
        "gdpr": false

We are actively monitoring this flag for published apps. Updating this flag to false tells us that you are actively working on migrating your app and that you are not yet ready for deprecation.

Setting this flag to false will have no effect on the APIs your app uses.

Step 2 – Testing your app

In your local development environment, set the apiMigrations.gdpr flag to true.

This will subscribe you to the new APIs which will modify the Connect API behaviors. For the GDPR migration, this means removing legacy user references (username and user key) as valid input parameters or values in the user object response.

For Jira REST APIs, you'll also need to force them to use GDPR-compliant functionality by including the x-atlassian-force-account-id: true header in all Jira REST API calls. For Confluence REST API calls you can force to use GDPR-compliant functionality by setting the query parameter privacyMode=true.

During the GDPR migration, we will be posting weekly updates to the Developer Community with status on any potential blockers that arise for vendors during their migrations. If you run into a blocker that isn't listed in the weekly update then please reply to the latest update to make us aware of the issue.

Step 3 – Publish app and signal your app’s readiness for GDPR

Once you have tested your app and can confirm that it will work with the new user privacy APIs then you're ready to publish your app to the Atlassian Marketplace.

Set the apiMigrations.gdpr flag to true in your published app’s app descriptor and include the header or query parameter in all of your REST API calls as detailed in Step 2 in your published app.

Once published your app is now using the new GDPR-compliant APIs and you've signaled that your app is ready for deprecation of the old APIs.