Request on Blocking Add-on Updates Using Changelog API

General Questions
,
1

Hi Team,

We’re trying to block updates from a specific add-on user when syncing from Jira to ServiceNow. To achieve this, I’m using the add-on account ID and fetching the changelog via the Jira REST API to identify the last updater.

However, I’m facing a 403 – Forbidden error while calling the changelog API. Could you please review my approach and let me know if this is the correct way to block the user, or if there’s an alternative method I should use?

import java.util.Base64
def blockedAccountId = "Account ID"
def jsonSlurper = new JsonSlurper()
def lastUpdaterAccountId = null
// Jira Cloud authentication
def jiraEmail = "Mail ID"
def jiraApiToken = "API Token"
httpClient.auth.basic(jiraEmail, jiraApiToken)
// Step 1: Get total changelog count
def changelogSummaryResp = httpClient.get("/rest/api/3/issue/${issue.key}/changelog?maxResults=1")
    .header("Accept", "application/json")
    .asString()
if (changelogSummaryResp.status == 200) {
    def changelogSummaryJson = jsonSlurper.parseText(changelogSummaryResp.body)
    def total = changelogSummaryJson?.total ?: 0
    if (total > 0) {
        // Step 2: Fetch the last changelog entry
        def lastResp = httpClient.get("/rest/api/3/issue/${issue.key}/changelog?startAt=${total - 1}&maxResults=1")
            .header("Accept", "application/json")
            .asString()
        if (lastResp.status == 200) {
            def lastJson = jsonSlurper.parseText(lastResp.body)
            def lastHistory = lastJson?.values?.first()
            lastUpdaterAccountId = lastHistory?.author?.accountId
            logger.info("Last updater for ${issue.key}: ${lastUpdaterAccountId}")
        } 
    } else {
        logger.info("No changelog entries found for ${issue.key}")
    }
}  else {
       return
}
// Step 3: Skip sync if last update is from blocked account
if (lastUpdaterAccountId == blockedAccountId) {
    return
}

Best Regards,
Veeresh

2

It looks like you’re trying to block updates from a specific add-on user by checking the last updater via the Jira REST API’s changelog endpoint, but you’re hitting a 403 Forbidden error.

Based on Exalate documentation, a 403 error when accessing Jira Cloud APIs (like the changelog) usually means the user (or proxy user) making the API call doesn’t have the required permissions. For Service Desk projects, this is a common issue if the Exalate proxy user doesn’t have access to Jira Service Management. You can find more details here:

What to check and do:

  • Make sure the user or integration account used for authentication has the necessary permissions to view issue history/changelog in the relevant Jira project.
  • For Jira Service Management, ensure the account has access to the service desk and the right project permissions.
  • If you’re using Exalate’s proxy user, double-check its permissions in both Jira and ServiceNow.

Alternative approach:
If you can’t get the changelog due to permissions, consider using Exalate’s scripting to block updates based on available user fields (like reporter, assignee, or custom fields) that you can access, or by filtering updates in the sync script based on other criteria.

If you need more details on setting up permissions or want to see how to block updates in the sync script, check the documentation or let your Jira admin review the permissions for the integration user.

Hope this helps you troubleshoot the 403 error and refine your approach!

3

Hello,

I have added the necessary permissions to the user, but the issue still persists.

Is there any method or approach in Exalate to stop or block the sync for a particular user?

Thank you

4

Hi @Veeresh

Give me some time and i will update you

Thanks,

Sonal

5

Hi @Sonal_Otwani

Just checking in - any update on this?

Regards,
Veeresh

6

Hi @Veeresh

Apologies for the late response!

I am still working on this and i will update you for this in couple of days.

Thanks,

Sonal

7

Hi @Veeresh

So here is the source side outgoing sync script:

def blockedAccountId = "atlassian_account_id" 
  def changeHistory = issue.changeHistory


  def lastChangeByField = [:]
  changeHistory?.each { change ->
      change.changeItems?.each { item ->
      //  debug.error(""+item.properties+" history:"+change.properties)
  
          if (!lastChangeByField.containsKey(item.field)) {
              lastChangeByField[item.field] = change.author?.key
          }
      }
  }

  def wasBlockedUser = { fieldName ->
    lastChangeByField[fieldName] == blockedAccountId
}

  replica.key     = issue.key
  replica.project = issue.project

  if (!wasBlockedUser("issueType")) {
      replica.type = issue.type
  }
  if (!wasBlockedUser("assignee")) {
      replica.assignee = issue.assignee
  }
  if (!wasBlockedUser("reporter")) {
      replica.reporter = issue.reporter
  }
  if (!wasBlockedUser("summary")) {
      replica.summary = issue.summary
  }
  if (!wasBlockedUser("description")) {
      replica.description = issue.description
  }
  if (!wasBlockedUser("labels")) {
      replica.labels = issue.labels
  }
  if (!wasBlockedUser("resolution")) {
      replica.resolution = issue.resolution
  }
  if (!wasBlockedUser("status")) {
      replica.status = issue.status
  }
  if (!wasBlockedUser("Parent")) {
      replica.parentId = issue.parentId
  }
  if (!wasBlockedUser("priority")) {
      replica.priority = issue.priority
  }

  replica.comments = issue.comments?.findAll { comment ->
      comment.author?.key != blockedAccountId
  }

  replica.attachments = issue.attachments?.findAll { attachment ->
      attachment.author?.key != blockedAccountId
  }

Please replace atlassian_account_id with actual Atlassian user account Id and check the attached video for more reference.

Kindly let me know in case of further questions.

Thanks,

Sonal

8

Here is the video for the reference.

9

Hi @Sonal_Otwani,

Thank you so much for sharing the script - it’s working perfectly!

I just have a small doubt. For example, if we have two users with the same name but different account IDs, the user updated something in Jira, and the changelog shows the right account ID. However, on the ServiceNow side, when I print the value in the description field, it’s showing a different ID.
In changelog am getting abc-1234 & in snow side am getting xyz-324.

Could you please help me understand what might be causing this issue?

Thanks again for your support.

Best regards,
Veeresh

10

Hi @Veeresh

Can you please check all of the changelogs related to assignee filed? is there any update made by that different user ?

Thanks,

Sonal

11

Hi @Sonal_Otwani

The script you shared is working well for Jira users - it’s successfully blocking their updates. However, I have one more requirement. We have 2 add-ons in Jira, and when users change the status, some of these add-ons are clearing certain fields. These cleared values are then syncing to ServiceNow, but we need to prevent those updates from being sent.

I tried using the same logic by adding the add-on account IDs, but the updates are still syncing.

Could you please suggest if there’s any other way to block updates triggered by add-ons from syncing from Jira to ServiceNow?
Please let me know.

Thank you for your support

Best Regards,
Veeresh