It's a good security practice to host your Jira server instances behind a firewall. This often means that you must explicitly whitelist inbound and outbound Jira traffic for installed Marketplace applications that require it. The OKRs for Jira by Quantive plugin needs bidirectional communication with the Quantive API server. This article explains the API calls the Quantive Jira plugin makes and the corresponding firewall rules that must be configured.
What API calls does the OKRs for Jira by Quantive plugin make?
When you work with the OKRs for Jira by Quantive plugin there are several possible API calls:
When you use the plugin to select a Quantive OKR and link it to a Jira issue, the following API calls are made (via HTTPS):
the first call is to fetch the sessions from the configured Quantive account
then we get the OKRs for the selected sessions
alternatively, we make search calls in case you use the search functionality the plugin exposes
once you select the desired OKR and link it to the Jira issue, we make a POST request to Quantive and create a Task under the linked OKR. This task represents the Jira issue (so you get a 360-degree view of the relation between the OKR and the Jira item).
Additionally, you can configure a Webhook in Jira that posts info to Quantive on issue update/delete so the status of the task created in Quantive is updated dynamically when the Jira issue status is updated (Quantive Plugin for Jira Server | Quantive Help Center). That mechanism will also require outbound calls from Jira to Quantive.
Which URLs must be whitelisted in your firewall?
You must add an FQDN rule for the following URLs, depending on the data center your Quantive account is hosted in:
EU Data Center (Quantive accounts with URL like https://accountDomain.gtmhub.com) - https://app.gtmhub.com/*
US Data Center (Gtmhub accounts with URL like https://accountDomain.us.gtmhub.com) - https://app.us.gtmhub.com/*
AS Data Center (Gtmhub accounts with URL like https://accountDomain.as.gtmhub.com) - https://app.as.gtmhub.com/*
SA Data Center (Gtmhub accounts with URL like https://accountDomain.sa.gtmhub.com) - https://app.sa.gtmhub.com/*
There are several places where this might need to be configured, namely:
Jira server itself has a configuration for whitelisted URLs. Ask your Jira admin team to add the domain listed above for your data center (reference: Configuring the allowlist | Administering Jira applications Data Center and Server 9.1 | Atlassian Documentation)
Your firewall configuration
If your Jira instance is not allowed to communicate with the outside world, you might need to perform some additional actions, for example, add a proxy (reference: Configure an outbound proxy for use in Jira server | Jira | Atlassian Documentation)
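To check a proposed egress rule set against the data center list above, the following added example (not Quantive's or Atlassian's code) derives the API host an account needs and flags missing, unneeded, or overly broad FQDN rules. The function names, the rule syntax (exact FQDN or shell-style wildcard) and the sample account are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Region label in the account hostname -> API host, as listed in the article.
API_HOSTS = {
    "": "app.gtmhub.com",       # EU: accountDomain.gtmhub.com
    "us": "app.us.gtmhub.com",
    "as": "app.as.gtmhub.com",
    "sa": "app.sa.gtmhub.com",
}

def required_api_host(account_url):
    """Derive the API host to allow from a Quantive account URL."""
    parts = urlsplit(account_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// account URL")
    labels = parts.hostname.lower().split(".")
    if labels[-2:] != ["gtmhub", "com"] or len(labels) not in (3, 4):
        raise ValueError("not a gtmhub.com account hostname")
    region = labels[1] if len(labels) == 4 else ""
    if region not in API_HOSTS:
        raise ValueError(f"unknown data center label: {region!r}")
    return API_HOSTS[region]

def audit_rules(account_url, fqdn_rules):
    """Return (required_host, covered, findings) for a list of egress FQDN rules."""
    host = required_api_host(account_url)
    covered, findings = False, []
    for rule in (r.strip().lower() for r in fqdn_rules):
        if rule == host:
            covered = True
        elif "*" in rule and fnmatchcase(host, rule):
            covered = True
            findings.append(f"{rule}: matches {host} but is broader than needed")
        elif rule in API_HOSTS.values():
            findings.append(f"{rule}: other data center, not needed for this account")
    if not covered:
        findings.append(f"no rule allows {host}")
    return host, covered, findings

if __name__ == "__main__":
    # Constructed sample: a hypothetical US-hosted account and a draft rule set.
    host, ok, notes = audit_rules("https://acme.us.gtmhub.com",
                                  ["app.gtmhub.com", "*.gtmhub.com"])
    print(host, "covered" if ok else "NOT covered")
    for note in notes:
        print(" -", note)
```
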