Removing rate limits for Atlassian cloud products integrated with Jira

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Because of a known issue, Jira Data Center 8.6.0 and 8.6.1 apply rate limiting to integrations with Atlassian cloud products. Until we release an official fix, you can use this workaround to allowlist your product’s OAuth consumer key, and remove any rate limits for it.

Solution

Before you begin

You can retrieve your product’s OAuth consumer key from the Jira log file. To get it written there, a request coming from your product will need to be limited. The quickest way to do this is to set rate limiting to Block all requests and wait for a request being limited. You can also block requests for one user and then use it to make an incoming request.

Allowlisting OAuth consumer keys

Find the consumer key

  1. Set the logging level for com.atlassian.ratelimiting.internal to TRACE. For more info, see Logging and profiling.

  2. Send a request from the integrated application so it gets limited.

  3. Open the Jira log file, and search for DefaultRateLimitUIRequestHandler.

  4. You’re interested in the Authorization header, which looks similar to this example:

    1 "Authorization: OAuth oauth_token=\"\", oauth_consumer_key=\"FishEye%3A9639366062\", oauth_signature_method=\"RSA-SHA1\", oauth_timestamp=\"1574434622\", oauth_nonce=\"6073902753180203\", oauth_version=\"1.0\", oauth_signature=\"o1QQ%2FIx2Ople7wGtQVSlqVrfKkoJiQ%2FmgH2JvUvTvqR6kivgf7RtBGZDaFS1b6eHrrFHGyOCuAxOLhaa2PZriiI%2BTIDCbg%2FHUH6aaYg5CJ0D%2F%2BPS7iHAWG4lc35TBK4IDE07HZtoVpCM3kYId1HPhdVAmY8NiKqQfavDM5ktixo%3D\""

The consumer key is printed in oauth_consumer_key, and it should have the following pattern: <application>:<key>.

In this example, %3A is an encoding difference from the log file. The proper consumer key is FishEye:9639366062.

Allowlist the consumer key

  1. Go to Administration > System > General configuration > Advanced settings.

  2. Add the consumer key to the com.atlassian.ratelimiting-whitelisted-oauth-consumers option. If you have multiple consumer keys, add them as a comma-separated list, and watch out for overwriting your previous keys.

It takes up to 1 minute to apply the new settings. Once that’s done, the traffic coming from/to the integrated application will no longer be limited.

Updated on April 16, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community