Announcing CIMD support for MCP Client registration
Learn more
Agentic Authentication
Jun 23, 2026

Jira MCP vs Jira API for AI Agents

Team Scalekit
Open in ChatGPT

TL;DR

  • Atlassian's official Rovo MCP server (GA February 4, 2026, formerly the Atlassian Remote MCP Server) exposes a focused Jira surface: roughly 14 tools across read_jira, write_jira, and search_jira permission groups. Boards, sprints, attachments, worklog reads, bulk operations, and webhooks are not on it. They are REST-only.
  • The Rovo MCP is not OAuth-only. It supports OAuth 2.1 and, with an org-admin toggle, a Rovo-scoped API token for headless clients. Jira Service Management ops tools are API-token only; Compass tools are OAuth only. The auth surface is asymmetric, not a single flow.
  • The Jira Cloud REST API gives you the full platform: issues, comments, worklogs, attachments, fields, boards and sprints via the Agile API, Service Management, bulk operations, and webhooks. Its auth methods are OAuth 2.0 (3LO), Basic auth with an API token, Connect apps, and Forge.
  • Neither path offers a per-org service-token grant like a GitHub App installation token or a Salesforce JWT Bearer assertion. Headless on both paths means a user-scoped (often a bot-user) API token. So the credential problem, N tokens to store, refresh, and revoke, is identical regardless of path.
  • Scalekit vaults both paths. The jira connector wraps the REST API; the atlassianrovomcp connector proxies the official Rovo MCP. Either way, per-user OAuth, AES-256 token storage, and a 90-day audit trail are the default, so the MCP vs API decision does not change your auth infrastructure.

Your agent needs to work with Jira. It has to pull the issues blocking a sprint, transition tickets when a deploy lands, and update records on behalf of your engineers. Atlassian now ships two paths to do that: the official Rovo MCP server, which reached general availability on February 4, 2026, and the Jira Cloud REST API your integrations have called for years. They cover overlapping but not identical territory, they put you on different auth and governance paths, and for some workloads the gap between them is a hard wall. Here is the decision framework.

What Jira MCP and Jira API actually are

Atlassian Rovo MCP (the MCP path)

The Atlassian Rovo MCP Server is Atlassian's official, hosted remote MCP server, run on Cloudflare infrastructure at https://mcp.atlassian.com/v1/mcp. It went to beta in May 2025 and reached general availability on February 4, 2026. It is a single server spanning Jira, Jira Service Management, Confluence, Bitbucket, and Compass, plus Teamwork Graph; the Jira slice is what this article compares. An agent connects through a browser-based OAuth 2.1 consent flow, or, where an org admin has enabled it, through a Rovo-scoped API token for headless setups. Every tool call runs as the authorizing user and respects that user's existing Jira permissions.

Resource: Atlassian remote MCP Server page, and supported tools.

Jira REST API (the direct path)

The Jira Cloud REST API is the full platform surface, split across three primary APIs: the platform REST v3 (issues, comments, worklogs, attachments, fields, users, groups, permissions, webhooks), the Software (Agile) REST API at /rest/agile/1.0/ (boards, sprints, backlog, epics), and the Jira Service Management REST API. OAuth 2.0 (3LO) calls use the https://api.atlassian.com/ex/jira/<cloudId>/rest/api/3/ base; scripts and bots can use Basic auth with an API token. There are no LLM-specific affordances: schema handling, Atlassian Document Format (ADF) for rich text, pagination, rate limits, and error handling are all yours to own.

Resource: Official Jira API docs.

What each path exposes, from the official tool lists

This is the section most comparisons skip. The honest way to size the gap is to read the official Jira tool list on the MCP, then map it against the REST surface.

What the Rovo MCP exposes for Jira

Atlassian's supported-tools page lists the Jira tools in three permission groups. Reads (read_jira) include getJiraIssue, getJiraIssueRemoteIssueLinks, getJiraIssueTypeMetaWithFields, getJiraProjectIssueTypesMetadata, getIssueLinkTypes, getTransitionsForJiraIssue, getVisibleJiraProjects, and lookupJiraAccountId. Writes (write_jira) include addCommentToJiraIssue, addWorklogToJiraIssue, createJiraIssue, editJiraIssue, and transitionJiraIssue. Search (search_jira) is a single tool, searchJiraIssuesUsingJql. Two shared tools, atlassianUserInfo and getAccessibleAtlassianResources, resolve the user and their cloudId.

What the official MCP list does not contain

There is no board or sprint management tool, no attachment add, get, or delete, no worklog read, no issue delete, no component, version, or saved-filter management, no custom-field administration, no group or permission management, no bulk operation, and no webhook or change-event surface. Sprint and board data is readable only as context, through Teamwork Graph entry points and JQL functions like openSprints(), not through a management tool. These are not tools shipping next month; they reflect what the server was scoped to do.

What the REST API adds on top

The REST API covers every Jira capability the MCP exposes, then adds the entire operational layer: the Agile API for boards, sprints, and backlog at /rest/agile/1.0/, attachment endpoints, worklog reads and changelog history, bulk fetch and bulk changelog, custom-field and configuration administration, and webhooks for change events. If your agent has to configure a project, move issues across sprints, process attachments, or react to changes, that work lives in REST.

Comparing them where it matters for agents

What your agent can actually do

The Rovo MCP covers the conversational core of Jira well: read an issue, search with JQL, create, edit, transition, comment, and log time. The REST API owns everything operational and administrative.

Capability
Atlassian Rovo MCP (Jira)
Jira REST API
Get issue by ID or key
Yes (getJiraIssue)
Yes
Search issues with JQL
Yes (searchJiraIssuesUsingJql)
Yes
Create, edit, transition issue
Yes
Yes
Add comment and worklog
Yes (write only)
Yes
Read worklogs and changelog
No
Yes
Attachments (add, get, delete)
No
Yes
Delete issue
No
Yes
Boards, sprints, backlog (Agile API)
No
Yes (/rest/agile/1.0)
Components, versions, saved filters
No
Yes
Custom-field admin, groups, permissions
No
Yes
Bulk operations
No
Yes
Webhooks and change events
No
Yes
JSM operations alerts
Yes (API token only)
Yes (JSM REST)

Where the gap bites

The gap is architectural, not temporary. A sprint-planning agent that needs to create a sprint, move issues into it, or reorder a backlog cannot do that on the MCP at all. A QA agent that needs to attach a log file to a bug cannot, because the MCP has no attachment tool. A time-tracking agent can write a worklog but cannot read one back. An event-driven agent that should react when an issue transitions has no webhook surface on the MCP and must poll or move to REST.

The auth path each one puts you on

This is where Jira differs from most tools in this comparison series, so it pays to be precise.

Auth method
Atlassian Rovo MCP
Jira REST API
OAuth 2.1 / 2.0 (3LO), user-delegated
Yes (default)
Yes
API token (Basic or Bearer), user identity
Yes (admin-enabled, Rovo-scoped)
Yes (Basic auth)
Connect app (JWT, app identity)
No
Yes
Forge app (asApp or asUser)
No
Yes
Per-org client-credentials service token
No
No

Why the auth table matters

The MCP is not OAuth-only. With an org-admin toggle it accepts a Rovo-scoped API token, which is how headless or background clients connect; JSM ops tools in fact require that token path, while Compass tools require OAuth. The REST API adds two identity models the MCP does not have: Connect apps and Forge apps, both of which can act with an app identity rather than a person's. What neither path offers is a clean per-org service-token grant, the equivalent of a GitHub App installation token or a Salesforce JWT Bearer assertion. On both paths, headless means a user-scoped credential, usually a dedicated bot Atlassian account holding an API token.

What you own in production

On the MCP path, Atlassian owns hosting, tool schemas, and permission-group governance, and surfaces MCP usage logs for audit. You still own per-user token storage, refresh, and revocation, plus the org-admin dependency: API-token access and several tool groups are gated behind admin enablement and allowlists. On the REST path, you own the full stack: ADF formatting for comments and descriptions, cursor and startAt pagination, tier-based rate limits, retries, the rotating-refresh-token lifecycle, and version migration. The REST API is explicitly versioned (/rest/api/3, with a published deprecation policy), which matters for deterministic pipelines; MCP tool schemas change when Atlassian updates the server, with no version pin.

When to use MCP, when to use the API

Use the Atlassian Rovo MCP when:

  • Your agent is interactive and user-facing: a developer in an IDE or assistant asking about issues, sprints, and status in natural language, where OAuth consent is natural.
  • The job is read, search, create, comment, and transition, the conversational core of Jira work.
  • You want Atlassian's permission-group governance, allowlists, and MCP usage logs without building your own access controls.
  • You are prototyping and want maintained, LLM-native tool descriptions without writing schemas.

Use the Jira REST API when:

  • Your agent manages boards, sprints, or backlogs, processes attachments, reads worklogs or changelogs, or runs bulk operations, none of which exist on the MCP.
  • Your agent must react to Jira changes through webhooks rather than polling.
  • You need an app identity (Connect or Forge) instead of a user-delegated token.
  • You are building a deterministic pipeline where you pin the API version and cannot absorb an unplanned schema change.

The credential problem that exists on both paths

Both paths hand you a per-user credential, not a vault

The MCP OAuth flow gives you a session token per user. The REST OAuth flow gives you an access token plus a rotating refresh token per user. The MCP API-token path and the REST Basic-auth path both give you a user-scoped API token. In every case the credential has to live somewhere: encrypted at rest, isolated per tenant, and revocable when a user disconnects. None of these paths provides that.

The N-credential reality

For a multi-tenant B2B Jira agent serving, say, 40 engineers across 8 customer Atlassian sites, the user-delegated model means 40 OAuth grants to store and refresh. Atlassian's 3LO uses rotating refresh tokens, so each refresh issues a new refresh token you must persist correctly or the next refresh fails. When an engineer leaves, that grant has to be revoked, and the bot-user API tokens stored on a laptop or in a config file do not disappear when Okta is disabled.

The shared-token failure mode

A single shared admin or bot API token looks correct in a demo. In production every issue query and update then runs under that admin profile, project-level permissions are bypassed, attribution points at a service account, and per-user sprint-capacity visibility breaks. The path you chose changes the token type. The credential-management infrastructure required does not.

Where Scalekit fits

Scalekit resolves the per-user credential on every tool call, so actions are attributed to the engineer who authorized them, with a full audit trail rather than a shared bot entry. The same vault, refresh, and revocation logic works whether you chose the Rovo MCP path or the direct REST path, which is exactly why the MCP vs API decision does not change what you build for auth.

Building Jira agents on Scalekit

The Token Vault value proposition for Jira

Scalekit's Token Vault stores each user's Atlassian credential encrypted with AES-256, namespaced per tenant, and resolves it server-side at request time in roughly 40 milliseconds. The token never enters your agent runtime or the LLM context. Refresh, including Atlassian's rotating refresh tokens, is automatic, and revoking a user is a single dashboard action. For multi-tenant agents this is the difference between an afternoon demo and a system that survives an enterprise security review.

Two connectors, both paths covered

Scalekit ships a jira connector that wraps the Jira REST API with a full tool library, including the operations the official MCP lacks: jira_attachment_get, jira_attachment_delete, jira_component_create, jira_field_search, jira_filter_create, jira_issue_changelog_list, jira_issue_assign, jira_issue_link_create, and jira_issues_search, among others. It also ships an atlassianrovomcp connector that proxies the official Rovo MCP server. You pick the path; the vault, scope enforcement, and audit layer are identical across both.

Connecting with the Node SDK and Claude

Discovery comes first: listScopedTools returns only the Jira tools the current user's connected account is authorized to call, not a flat catalog. Then executeTool runs the action under that user's vaulted credential. Set the connectionName to match the connection you configured in the Scalekit dashboard exactly; a mismatch is the most common integration error.

import { ScalekitClient } from "@scalekit-sdk/node"; import Anthropic from "@anthropic-ai/sdk"; const sk = new ScalekitClient(envUrl, clientId, clientSecret); const anthropic = new Anthropic(); // Only the Jira tools this user authorized, scoped to their account const { tools } = await sk.tools.listScopedTools("user_123", { filter: { connectionNames: ["jira"], toolNames: ["jira_issues_search", "jira_issue_get", "jira_issue_create"], }, pageSize: 100, }); const llmTools = tools.map((t) => ({ name: t.tool.definition.name, description: t.tool.definition.description, input_schema: t.tool.definition.input_schema, })); const msg = await anthropic.messages.create({ model: "claude-sonnet-4-6", max_tokens: 1024, tools: llmTools, messages: [{ role: "user", content: prompt }], }); // When Claude returns a tool_use block, execute it under the user's vaulted token const { data } = await sk.tools.executeTool({ toolName: "jira_issues_search", identifier: "user_123", params: { jql: "project = PLAT AND sprint in openSprints() AND type = Bug" }, });

Connecting with LangChain (Node)

The same scoped surface drops straight into a LangChain ReAct agent. Each tool's execute function calls back into executeTool, so the credential is resolved per call, never embedded in the tool definition.

import { ScalekitClient } from "@scalekit-sdk/node"; import { DynamicStructuredTool } from "@langchain/core/tools"; import { createReactAgent } from "@langchain/langgraph/prebuilt"; import { z } from "zod"; const sk = new ScalekitClient(envUrl, clientId, clientSecret); const { tools } = await sk.tools.listScopedTools("user_123", { filter: { connectionNames: ["jira"], toolNames: ["jira_issues_search", "jira_issue_get", "jira_issue_create"], }, pageSize: 100, }); const lcTools = tools.map((t) => new DynamicStructuredTool({ name: t.tool.definition.name, description: t.tool.definition.description, schema: z.object({}).passthrough(), func: async (args) => { const { data } = await sk.tools.executeTool({ toolName: t.tool.definition.name, identifier: "user_123", params: args, }); return JSON.stringify(data); }, })); const agent = createReactAgent({ llm, tools: lcTools });

Connecting with the Python SDK and LangChain

The Python SDK exposes a native LangChain helper. Set connection_names to ["jira"] and pass each user's real identifier on every call.

import os from scalekit import ScalekitClient from langchain.agents import create_tool_calling_agent client = ScalekitClient( env_url=os.environ["SCALEKIT_ENV_URL"], client_id=os.environ["SCALEKIT_CLIENT_ID"], client_secret=os.environ["SCALEKIT_CLIENT_SECRET"], ) # Jira tools scoped to this user's connected account tools = client.actions.langchain.get_tools( identifier="user@example.com", connection_names=["jira"], ) agent = create_tool_calling_agent(llm, tools, prompt) # Direct execution under the user's vaulted credential client.actions.execute_tool( tool_name="jira_issue_create", identifier="user@example.com", params={ "project_key": "PLAT", "issue_type": "Bug", "summary": "Auth timeout on checkout", "priority_name": "High", }, )

Why this matters downstream: scoping, observability, and multi-tenancy

Pointing the LLM at a single user's authorized subset is not cosmetic. The Rovo MCP exposes 70 or more tools across Atlassian products; a full catalog in context degrades tool selection and burns tokens before the agent does any work. listScopedTools reduces that to the handful of Jira tools the current user can call, which improves selection accuracy and cuts token overhead. On observability, every Scalekit tool call is logged with who triggered it, which tool ran, and what came back, with 90 days of history that is SIEM-exportable and tied to the authorizing user. For a multi-tenant agent, per-tenant namespacing in the vault means user A's Jira data is never reachable by an agent acting for user B on the same connection, and that isolation is the default rather than something you bolt on later.

Which one to build against

If your Jira agent is interactive and user-present, and its core job is searching, reading, creating, and transitioning issues, the Rovo MCP is the faster path, with maintained tools and Atlassian-grade governance included. If your agent manages sprints and boards, handles attachments, reads worklogs, runs bulk operations, or reacts to changes through webhooks, build against the REST API, because those capabilities do not exist on the MCP. Most production Jira agents end up using both: the interactive assistant on the MCP, the background pipeline on REST. Either way, the per-user credential problem is the same, and that is the part that needs production-grade infrastructure.

Get started

Need a Jira tool or capability Scalekit does not expose yet? Request it through the Scalekit Slack Community, or talk to the team.

No items found.
Agent Auth Quickstart
Add auth to your AI agents
Open in ChatGPT
On this page
Introduction
This is some text inside of a div block.
This is some text inside of a div block.
Share this article
Copy link
Agent Auth Quickstart
Add auth to your AI agents
More from our blog
More articles
Agentic Authentication
May 7, 2026
Build an Engineering Standup Agent - GitHub, GitLab, Jira, Slack
Team Scalekit
Agentic Authentication
May 18, 2026
Agent Tool Calling Auth Production Problems, Patterns, Anti-patterns
Team Scalekit
Agentic Authentication
Jul 7, 2025
Token vault: Why it's critical for AI agent workflows
Srinivas Karre
More articles

Acquire enterprise customers with zero upfront cost

Every feature unlocked. No hidden fees.
Start for free
Talk to an engineer
Start Free
$0
/ month
1 million Monthly Active Users
100 Monthly Active Organizations
1 SSO connection
1 SCIM connection
10K Connected Accounts
Unlimited Dev & Prod environments
The Auth Stack
for AI applications
hi@scalekit.com
16192 Coastal Hwy Lewes,
DE 19958
slack logo
Join our community 
Modular Auth
MCP AuthAgent AuthSSOSCIM
Full Stack Auth
User & Org ManagementAuth MethodsAPI AuthRoles & PermissionsCustomizationEnterprise Auth
Extensibility
Auth workflowsIntegrations
Compare
Scalekit vs Auth0Scalekit vs StytchScalekit vs DescopeScalekit vs CognitoScalekit vs ClerkScalekit vs WorkOS
Industry Reports
State of Auth 2025Enterprise MCP patterns
Auth Guides
MCP AuthSingle Sign-onPasswordlessSCIMOAuth
Resources
DocsAPI ReferenceBlogRelease NotesSDKs
Company
LegalTrust CenterCustomers
Compliance
Follow us on
All systems operational
Copyright © 2026.
ScaleKit Inc. All rights reserved

We use cookies, so things load fast, we learn what to fix, and you can always reach us on chat

Okay, got it!