Documentation Index
Fetch the complete documentation index at: https://docs.pipeshub.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Jira is the leading project management and issue tracking platform developed by Atlassian. It’s widely used by software development teams, IT departments, and business teams to plan, track, and manage work through customizable workflows.Jira Data Structure
The connector understands Jira’s hierarchical data model: Projects → Issues → Comments/Attachments| Entity | Description |
|---|---|
| Projects | Top-level containers for organizing work (e.g., Engineering, Marketing) |
| Issues | Work items including bugs, tasks, stories, epics, and custom types |
| Comments | Discussion threads attached to issues |
| Attachments | Files, images, and documents attached to issues |
| Users & Groups | Team members and their group memberships |
| Project Roles | Role-based access control for project permissions |
What Gets Synced
The connector indexes the following content for AI-powered search:- Issue Content: Summary, description (with rich text/ADF support), status, priority, labels
- Issue Metadata: Reporter, assignee, created/updated dates, custom fields
- Comments: Full comment threads with author information
- Attachments: All file types attached to issues (PDFs, images, documents)
- Permissions: Project-level and issue-level access controls are preserved
Configuration Guide
The Jira connector supports two authentication methods. Both sync the same data — pick whichever fits your rollout.Prerequisite: Email Visibility
This prerequisite applies to both authentication methods (OAuth and API Token). Why email visibility matters. PipesHub uses email addresses to match Jira users with their permissions. If a user’s email is hidden:- PipesHub cannot identify the user when syncing permissions
- Records will appear invisible to that user even if they have proper access in Jira
- The user won’t be able to see any content they should have access to
- Click your profile picture in the top right → select Account Settings.
- Select the Profile and visibility tab.
- Scroll down to the Contact section.
- In the Who can see this? dropdown for your email address, select either Anyone (recommended) or Your organization.
This is a per-user setting that must be configured by each individual user. Administrators cannot change this setting for other users. We recommend communicating this requirement to your team during the Jira connector rollout.
Choose an authentication method
| Method | Best for |
|---|---|
| OAuth 2.0 (3LO) | Multi-user / org-wide rollouts, production — per-user refresh tokens, per-user consent, audit trail. Requires Atlassian Developer Console access. |
| API Token | Single-account setups, quick POCs, or environments where you cannot register an OAuth app. Fastest path to sync. |
- OAuth 2.0
- API Token
Step 1: Access the Atlassian Developer Console
- Go to developer.atlassian.com/console/myapps/ and sign in with your Atlassian account (must have admin access to your Jira workspace).
- You’ll see the My apps page where you create and manage OAuth 2.0 integrations.
Step 2: Create a new OAuth 2.0 integration
- Click Create in the top-right corner.
- Select OAuth 2.0 integration from the dropdown.
- Fill in the application details:
- Name: Enter a meaningful name (e.g.,
PipesHub Jira Connector). - Check the box to agree to Atlassian’s developer terms.
- Name: Enter a meaningful name (e.g.,
- Click Create.
OAuth 2.0 (3LO) integrations use rotating refresh tokens by default, which improves security by limiting token validity and enabling automatic detection of refresh-token reuse.
Step 3: Review the application overview
After creation, you’ll land on the app overview page. It shows:- App ID — your application’s unique identifier
- Distribution status — whether the app is shared publicly
- Permissions — API scopes configured for the app
- Authorization — OAuth 2.0 (3LO) authorization settings
Step 4: Configure OAuth 2.0 authorization
- In the left sidebar, click Authorization.
- Find OAuth 2.0 (3LO) in the authorization types list.
- Click Add to enable OAuth 2.0 authorization for your app.
- Get the Redirect URL from PipesHub:
- In PipesHub, go to Workspace Settings → Connectors, find Jira, and click + Setup for a new instance.
- The connector panel opens as a right-side drawer. On the Authenticate Instance tab, copy the Redirect URL.
- Paste the copied URL into the Callback URL field in Atlassian Developer Console.
- Click Save changes.
Step 5: Add API permissions
- In the left sidebar, click Permissions.
- You’ll see a list of available Atlassian APIs.
- Add scopes for both User identity API and Jira API.
| Scope | Description |
|---|---|
read:account | View user profiles (required for user identification) |
The
offline_access scope is automatically included when you configure OAuth 2.0 (3LO). It enables refresh tokens so scheduled synchronization continues when users are not actively logged in.| Scope | Description |
|---|---|
read:jira-work | Read Jira project and issue data, search issues, attachments, worklogs |
read:jira-user | Read Jira user information (usernames, emails, avatars) |
The connector uses only read-only classic scopes. It does not require any write or manage permissions.
| Scope | Description |
|---|---|
read:user:jira | View user details |
read:group:jira | View groups and group members |
read:avatar:jira | View user and project avatars |
read:audit-log:jira | Read audit logs (for detecting deleted issues) |
read:application-role:jira | Read application roles |
read:project-role:jira | Read project roles and role assignments |
Classic scopes (
read:jira-work, read:jira-user) provide the primary data access. Granular scopes enable specific features: user lookup, group resolution, audit-log-based deletion detection, and project role permissions.Step 6: Copy Client ID and Client Secret
- In the left sidebar, click Settings.
- Scroll to the Authentication details section.
- Copy:
- Client ID — used as Application (Client) ID in PipesHub.
- Secret — used as Client Secret in PipesHub. Copy it immediately.
Step 7: Authenticate Instance tab — enter credentials
The connector drawer in PipesHub has three tabs: Authenticate Instance, Authorize, and Configure Records. Start on the Authenticate Instance tab.- Confirm the Redirect URL matches the Callback URL you saved in Atlassian in Step 4.
- If your admin has pre-registered an OAuth app, pick it from the OAuth app dropdown. Otherwise leave it blank and enter credentials manually.
- Enter:
- Application (Client) ID — from Step 6
- Client Secret — from Step 6
- Atlassian Site URL — your Jira site URL (e.g.,
https://your-domain.atlassian.net; no trailing slash)
- Click Next to move to the Authorize tab.
The Atlassian Site URL targets the specific Jira Cloud site this connector instance will sync. Use the full site URL including
https:// (e.g., https://acme.atlassian.net).Step 8: Authorize tab — complete the OAuth flow
On the Authorize tab, all the OAuth authorization work happens. The tab shows an Authenticate button to kick off the OAuth handshake.
- Click Authenticate to start the OAuth flow. A popup opens to Atlassian’s authorization page.
- Select your Jira site from the dropdown.
- Review the permissions requested by the connector and click Accept.
- The popup closes and returns you to PipesHub. The connector tile shows an Authenticated badge with a Reauthenticate option.
- Click Next to move to the Configure Records tab.
Step 9: Configure Records tab — sync settings, filters, and indexing
On the Configure Records tab, control how the connector syncs and what gets synced.Sync settings — configure your synchronization preferences first:- Sync Strategy —
ScheduledorManual. - Sync Interval — how often to sync (default: 60 minutes).
Scheduled sync runs automatically at the specified intervals. Manual sync requires you to trigger synchronization on-demand.
- Project Keys — Filter by Jira projects.
- Operator:
In(include only) orNot In(exclude) - Selection: searchable dropdown of all your Jira projects (shows names + keys, e.g., “Engineering (ENG)”)
- Operator:
- Modified Date — Filter by last modification date. Operators:
Is After,Is Before,Is Between. - Created Date — Filter by creation date. Same operators.
The project list is dynamically fetched from your Jira workspace. Type to search and filter; select multiple projects as needed.
- Index Issues (default: enabled) — include issue content (description + comments) in search
- Index Issue and Comment Attachments (default: enabled) — include attachments in search
Comments are stored as part of the issue content (not as separate records). When Index Issues is enabled, both issue descriptions and comments are indexed together.
- Sync only Engineering project: Project Keys → Operator
In→ select “Engineering” - Exclude archived projects: Project Keys → Operator
Not In→ select archived projects - Recent issues only: Modified Date → Operator
Is After→ Date2024-06-01 - Index issues but not attachments: disable the Index Issue and Comment Attachments toggle
Supported Features
The Jira connector syncs the following data from your Jira Cloud workspace:- Projects — all accessible projects with their configurations and permission schemes
- Issues — full issue content including summary, description, status, priority, and custom fields
- Comments — all comments on issues with author information
- Attachments — files attached to issues (images, documents, etc.)
- Users — user profiles and account information
- Groups — user groups and memberships
- Project Roles — role assignments for project access control
- Permissions — project permissions and issue-level access controls
Useful Links
- Atlassian Developer Console: developer.atlassian.com/console/myapps/
- Atlassian API tokens: support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/
- OAuth 2.0 (3LO) documentation: developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
- Jira API scopes reference: developer.atlassian.com/cloud/jira/platform/scopes-for-oauth-2-3LO-and-forge-apps/
- Jira REST API v3: developer.atlassian.com/cloud/jira/platform/rest/v3/
Troubleshooting
Troubleshooting
Troubleshooting
Common issues
Invalid client credentials error (OAuth):- Verify Client ID and Client Secret are correct — no extra spaces
- Check that the OAuth app is active in Atlassian Developer Console
- Regenerate the secret if necessary and update PipesHub
- Ensure the Redirect URL in PipesHub exactly matches the Callback URL in Atlassian
- Check for trailing slashes, protocol differences (
httpvshttps), or casing - Update both configurations to use the same URL
- Confirm the token was copied correctly — no leading/trailing whitespace
- The token may have been revoked or expired; create a new one at id.atlassian.com/manage-profile/security/api-tokens
- Verify the Email field matches the Atlassian account that created the token
- Verify the Base URL matches your Jira site (must include
https://, no trailing slash, match*.atlassian.net)
- Must include the protocol:
https:// - Must not include a trailing slash — use
https://acme.atlassian.net, nothttps://acme.atlassian.net/ - Must match the actual Jira Cloud site (usually
*.atlassian.net) - Do not include paths like
/jiraor/browse/...
- Verify you’re signing in with an account that has Jira access
- Ensure your Jira site is selected during authorization
- Check that all required API scopes are configured
- Verify the connector status shows Active
- Check that the authenticating user (OAuth) or token-owning user (API Token) has access to Jira projects
- Ensure projects are not restricted or archived
- Review sync logs for specific error messages
- OAuth tokens may expire per Atlassian’s policies; disable and re-enable the connector to re-authenticate
- API tokens can be revoked from the Atlassian account page; generate a new one and update the Authenticate Instance tab
- Check if the OAuth app is still active in Developer Console
- Verify the authenticating user has read access to the issues
- Check project permissions in Jira
- Review issue security schemes that may limit access
- Verify indexing filters are enabled for issues and attachments
- Check that the user has permission to view comments/attachments
- Ensure attachment size limits are not exceeded
Connector Workflow
Synchronization Process
Synchronization Process
The Jira connector follows a structured synchronization process to ensure all data is accurately synced and permissions are properly maintained.
Sync overview
Therun_sync method executes a complete synchronization cycle in a specific order:| Step | Function | Data Synced | Purpose |
|---|---|---|---|
| 1 | _fetch_users() | Users | Sync all Jira users with their profiles |
| 2 | _sync_user_groups() | Groups | Sync groups and user-group memberships |
| 3 | _fetch_projects() | Projects | Fetch projects (filtered if configured) |
| 4 | _sync_project_roles() | Roles | Sync project role assignments |
| 5 | _sync_project_lead_roles() | Lead Roles | Assign project lead permissions |
| 6 | _sync_project_issues() | Issues | Sync issues, comments, and attachments |
| 7 | _handle_issue_deletions() | Deletions | Detect and remove deleted issues |
Full sync vs incremental sync
The connector automatically determines whether to perform a full or incremental sync:Full sync occurs when:- First-time synchronization (no sync checkpoint exists)
- Sync filters have been modified since last sync
- Manual full sync is triggered
- A valid sync checkpoint exists
- Filters haven’t changed
- Uses JQL queries with
updated >= "last_sync_time"to fetch only changes
User & group synchronization
- User fetch — retrieves all users from Jira with their account IDs, emails, and display names
- Group sync — fetches all groups and their member lists
- Membership mapping — creates user-to-group relationships for permission resolution
Project synchronization
- Project fetch — retrieves projects (filtered by project keys if configured)
- Permission scheme — extracts project permission schemes for access control
- Role assignment — syncs project-specific roles (Admin, Developer, Viewer, etc.)
- Lead roles — assigns project lead permissions to designated users
Issue synchronization
For each project, the connector:- Builds JQL query — constructs query with date filters and project scope
- Batched fetching — retrieves issues in batches (default: 100 per request)
- Content processing — parses issue description (ADF format → Markdown with embedded images); extracts metadata (status, priority, labels, etc.)
- BlockGroup structure — creates hierarchical content structure:
- Description BlockGroup (index=0): contains issue description with inline attachments
- Comment Thread BlockGroups: each thread gets its own BlockGroup with
parent_index=0 - Comment Blocks: individual comments stored as Blocks within their thread BlockGroup
- Attachment processing — maps attachments to their correct location (description or specific comments)
- Permission assignment — applies project and issue-level permissions
Comments are stored as Blocks within the issue’s BlocksContainer (not as separate records). This enables efficient threaded comment organization and ensures comments are deleted automatically when the parent issue is removed.
Deletion detection
The connector uses Jira’s Audit Log API to detect deleted issues:- Queries audit log for
ISSUE_DELETEevents since last sync - Identifies deleted issue keys from audit records
- Removes issue records from the index
- Comments are automatically deleted with the issue (stored as Blocks within the issue)
Checkpoint management
After each successful sync:- Stores the latest issue update timestamp as checkpoint
- Records current filter configuration to detect changes
- Per-project checkpoints enable resumable syncs on failures
FAQ
Which authentication method should I choose?
Which authentication method should I choose?
| OAuth 2.0 | API Token | |
|---|---|---|
| Best for | Multi-user / org-wide rollouts, production | Single-account setups, quick POCs |
| Credentials model | Per-user consent, rotating refresh tokens | Single token, long-lived until revoked |
| Prerequisites | Atlassian Developer Console admin access | Any Atlassian account |
What's the difference between Jira Connector and Jira Toolset?
What's the difference between Jira Connector and Jira Toolset?
| Aspect | Jira Connector | Jira Toolset |
|---|---|---|
| Purpose | Sync and index Jira data for search | Enable agents to perform actions in Jira |
| Data Flow | One-way (import data into PipesHub) | Two-way (read and write via API) |
| When to Use | Query/search issues, projects, comments | Create issues, update tickets, add comments |
Queries not returning results. What could be wrong?
Queries not returning results. What could be wrong?
Check these in order:
-
PipesHub email mismatch — the email used to authenticate the Jira connector must match your PipesHub account email. For OAuth, this is the email you signed in with during consent; for API Token, it’s the Email field on the Authenticate Instance tab.
- Fix: reconfigure the connector and authenticate using the same email as your PipesHub account.
-
Email visibility not set — if your Atlassian email visibility is set to Only you and admins, PipesHub can’t match you to Jira permissions and no records will be visible.
- Fix: set it to Anyone or Your organization (see the Prerequisite: Email Visibility section above).
- Verify in All Records — go to All Records in PipesHub and confirm the Jira issues you expect are actually present. If they’re missing, the sync hasn’t reached them yet — check sync status in Settings → Connectors.
Is it possible to index only specific Jira projects?
Is it possible to index only specific Jira projects?
Yes. On the Configure Records tab, use the Project Keys filter with the
In operator and pick the projects you want to include. Or use Not In to exclude specific projects.Ready to Get Started?
Connect your Jira workspace to PipesHub in just a few minutes. Follow the step-by-step guide above to enable organization-wide project and issue search across all your Jira content.