Jira Cloud
Jira Cloud integration provides 53 MCP tools across issue management, agile/sprint workflows, and Jira Service Management (JSM).
Prerequisites
Section titled “Prerequisites”- Jira Cloud instance (not Jira Server/Data Center)
- Atlassian account with admin access to create OAuth apps
- Access to developer.atlassian.com
OAuth App Setup
Section titled “OAuth App Setup”-
Create an OAuth 2.0 (3LO) app
Go to developer.atlassian.com/console/myapps and click Create > OAuth 2.0 integration.
-
Configure permissions
In your app settings, go to Permissions and add these scopes:
Scope Access read:jira-workRead issues, projects, boards, filters write:jira-workCreate/manage issues, comments, worklogs read:jira-userView and search users manage:jira-projectManage project settings, components, versions read:board-scope:jira-softwareRead boards write:board-scope:jira-softwareManage boards read:sprint:jira-softwareRead sprints write:sprint:jira-softwareManage sprints offline_accessRequired for refresh tokens read:meUser profile information -
Set the callback URL
Under Authorization, add the callback URL:
https://api.switchboard.fpdigital.ai/oauth/jira/callback -
Copy credentials
Note the Client ID and Client Secret from the app settings.
-
Set environment variables
Terminal window cd srcnpx wrangler secret put JIRA_CLIENT_IDnpx wrangler secret put JIRA_CLIENT_SECRET
How OAuth Works for Jira
Section titled “How OAuth Works for Jira”Jira uses Atlassian OAuth 2.0 (3LO) which has several differences from standard OAuth:
Audience Parameter
Section titled “Audience Parameter”The authorization URL requires audience=api.atlassian.com — this is unique to Atlassian and not used by other Switchboard services.
JSON Token Exchange
Section titled “JSON Token Exchange”Token exchange uses a JSON request body instead of form-encoded data (unlike most OAuth providers). Switchboard handles this automatically.
Cloud ID Discovery
Section titled “Cloud ID Discovery”After obtaining an access token, Switchboard automatically calls the accessible-resources endpoint to discover your Jira Cloud ID. This ID is required for all API calls and is stored alongside your tokens.
Rotating Refresh Tokens
Section titled “Rotating Refresh Tokens”Jira refresh tokens are rotating — each time a token is refreshed, the old refresh token is invalidated and a new one is issued. Switchboard handles this automatically, always storing the latest refresh token.
| Token | Lifetime |
|---|---|
| Access token | 1 hour |
| Refresh token | 90 days (rotating) |
Available Tools
Section titled “Available Tools”53 tools across 12 categories:
| Category | Tools | Examples |
|---|---|---|
| Connection | 1 | jira_ping |
| Issue Management | 10 | search, get, create, update, transition, assign |
| Comments | 2 | add, get comments |
| Worklogs | 2 | log work, get worklogs |
| Projects | 4 | list, get, components, versions |
| Boards & Sprints | 8 | list boards/sprints, sprint issues, create sprints |
| Sprint Lifecycle | 3 | start, complete, move to backlog |
| Epics & Labels | 4 | list epics, add/remove labels, link issues |
| Utilities | 7 | watchers, filters, fields, statuses, priorities |
| Delete Operations | 4 | delete issues, comments, worklogs, attachments |
| Service Management | 4 | service desks, queues, SLAs, create requests |
| Advanced | 4 | changelog, permissions, link types, request types |
Common Gotchas
Section titled “Common Gotchas”DLP Patterns
Section titled “DLP Patterns”Switchboard automatically detects and blocks Jira-specific credentials:
| Pattern | Severity |
|---|---|
| Atlassian API tokens (ATATT-prefix) | Critical (auto-block) |
| OAuth bearer token references | High |
| Webhook shared secrets | High |
Testing
Section titled “Testing”After setup, verify the connection:
- Go to your Switchboard Dashboard
- Navigate to the Jira service page
- Click Connect to initiate OAuth
- After authorization, click Test Connection
- The test calls
jira_pingand displays your authenticated user info