Sudo for Jira

Jira's REST API has no built in support for allowing a user to take actions on behalf of another. This is problematic for environments where automated scripts are pulling data from other sources and taking action on events within Jira. An example is a script that watches a revision control repository, and logs work and transitions issues based on commands embedded in commit messages.

This plugin allows administrators to perform actions on behalf of others using the REST API.


To use this plugin simply add a "sudo" or "sudo-email" header to your request with the corresponding username or user email address of the user you want to perform the request on behalf of. If no user is found that matches the supplied sudo username or sudo email address, or if the user making the request is not an administrator, the request will be performed as normal based on the authenticated user.

Strict mode is enabled by adding a "sudo-strict" header to the request with a value of "true". This is in addition to the "sudo" or "sudo-email" required header. When strict mode is enabled, any sudo request where the target user is not found will return with 404 Not Found result code, instead of performing the API request as the original user. Additionally, if a user attempts to perform a sudo request with strict mode on, that does not have permission to do so, they will receive a 403 Forbidden result code.

New as of v1.0.8 is the ability to control the email to username cache. This cache exists to save user lookup time based on email address, and is only relevant if you are using the "sudo-email" header to identify the user. The new header "sudo-cache" accepts values "ignore" and "clear". If "ignore" is supplied, the cache will be ignored for the request. If "clear" is supplied, the cache will be immediately cleared then the request processed. In all cases, new cache entries will be expired 30 minutes after being write.


$ curl -u admin:admin -X POST -H "Content-Type: application/json" -H "sudo: jane" --data '{"timeSpent": "1h"}' \
> http://localhost:2990/jira/rest/api/2/issue/FB-1/worklog | python -m json.tool

$ curl -u admin:admin -X POST -H "Content-Type: application/json" -H "sudo-email:" --data '{"timeSpent": "1h"}' \
> http://localhost:2990/jira/rest/api/2/issue/FB-1/worklog | python -m json.tool

$ curl -u admin:admin -X POST -H "Content-Type: application/json" -H "sudo-email:" -H "sudo-strict: true" --data '{"timeSpent": "1h"}' \
> http://localhost:2990/jira/rest/api/2/issue/FB-1/worklog | python -m json.tool

Ignore email to username cache for this request:
$ curl -u admin:admin -X POST -H "Content-Type: application/json" -H "sudo-email:" -H "sudo-cache: ignore" --data '{"timeSpent": "1h"}' \
> http://localhost:2990/jira/rest/api/2/issue/FB-1/worklog | python -m json.tool

Clear email to username cache:
$ curl -u admin:admin -X POST -H "Content-Type: application/json" -H "sudo-email:" -H "sudo-cache: clear" --data '{"timeSpent": "1h"}' \
> http://localhost:2990/jira/rest/api/2/issue/FB-1/worklog | python -m json.tool

Jira Versions

Sudo for Jira is currently known to work on the entire 6.x.x-8.x.x+ range of Jira versions.


Email support for Sudo for Jira is provided by emailing Email support is provided from 9am-5pm pst/pdt M-F, excluding major holidays. Support queries will be responded to within one business day.