Last updated Nov 30, 2023

Security

Authentication

All Commerce REST API queries require a valid access token.

Partners can generate tokens for their apps in the Partner portal.

Once you have an access token, include it in an Authorization header, prefixed by Bearer, on every API query. Requests are made to the api.atlassian.com domain, as shown below:

curl --request GET \
--url https://api.atlassian.com/commerce/api/v2/entitlements/{entitlementId}/details \
--header 'Authorization: Bearer ACCESS_TOKEN' \
--header 'Accept: application/json'
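
The command above puts the access token on curl's command line, where it is visible in the process list and shell history. The following added example (not from the Atlassian documentation) makes the same request while passing the header to curl through a config read from stdin. The variable COMMERCE_ACCESS_TOKEN, the function names, the entitlement ID allow-list and the RFC 6750 token character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Atlassian's code). Hypothetical names: COMMERCE_ACCESS_TOKEN,
# valid_id, valid_token, commerce_config, get_entitlement.
API_BASE='https://api.atlassian.com/commerce/api/v2'

# Assumed allow-list for entitlement IDs: anything else could alter the URL path
# or break out of the quoted curl config value.
valid_id() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Assumed token syntax: the RFC 6750 bearer-token character set.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9._~+/=-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print a curl config for one entitlement lookup; returns 2 on bad input.
commerce_config() {
  cc_id=$1
  cc_token=$2
  valid_id "$cc_id" || { echo 'invalid entitlement id' >&2; return 2; }
  valid_token "$cc_token" || { echo 'invalid access token' >&2; return 2; }
  printf 'request = "GET"\n'
  printf 'url = "%s/entitlements/%s/details"\n' "$API_BASE" "$cc_id"
  printf 'header = "Authorization: Bearer %s"\n' "$cc_token"
  printf 'header = "Accept: application/json"\n'
}

# Feed the config to curl on stdin. printf is a shell builtin, so the token is
# never an argument of a separate process.
get_entitlement() {
  cc_cfg=$(commerce_config "$1" "${COMMERCE_ACCESS_TOKEN:-}") || return
  printf '%s\n' "$cc_cfg" | curl --silent --show-error --config -
}
```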

Authorization

Once authentication succeeds, Commerce performs authorization: it checks whether the user or service has access to the requested resource. This check is based on billing roles, as described below.

Billing roles

Billing admin

A billing admin can quote, pay, and manage everything billing-related on a given transaction account. A user becomes a billing admin on creation of a new transaction account or when granted this role by another billing admin.

Billing user

A billing user can manage products under their site/organization and invoice group. A user is granted this role implicitly when they become a site/organization admin.

Entitlement controller

A user can become an entitlement controller when they become a product admin/member of a new free or trial product.
