Atlassian Rovo MCP Server
io.github.atlassian/atlassian-mcp-server
Overview
Official remote MCP server for Atlassian Cloud that connects MCP clients to Jira, Confluence, Jira Service Management, Bitbucket, Compass, and Atlassian platform data using OAuth 2.1 or API-token authentication.
Documentation
Overview
Atlassian Rovo MCP Server is Atlassian's official cloud-hosted MCP server for connecting compatible AI tools and IDEs to Atlassian Cloud products. It supports Jira, Confluence, Jira Service Management, Bitbucket Cloud, Compass, and Atlassian platform / Teamwork Graph capabilities. Access is governed by the authenticated user's Atlassian permissions and by the scopes granted through OAuth 2.1 or API-token credentials.
Installation
This is a hosted remote MCP server. There is no local npm, PyPI, Docker, or source-build package target for Wardn to launch by default. Atlassian's upstream README states that the Rovo MCP Server is not installed through the Atlassian Marketplace or the Manage apps screen; it is installed automatically for a site the first time a user completes the OAuth 2.1 consent flow.
For most interactive clients, install/connect the server by configuring this remote MCP URL:
https://mcp.atlassian.com/v1/mcp/authv2
Documented setup commands include:
claude mcp add --transport http atlassian https://mcp.atlassian.com/v1/mcp/authv2
codex mcp add atlassian --url https://mcp.atlassian.com/v1/mcp/authv2
Claude Desktop, VS Code, Cursor, Windsurf, Codex Desktop, and other MCP-compatible clients can also be configured with the same remote URL when they support remote streamable HTTP MCP servers. For local or legacy MCP-compatible clients, Atlassian documents the Node.js mcp-remote proxy path; this requires Node.js 18 or later and uses the remote URL as the proxy target.
Remote Endpoints
Recommended OAuth endpoint for most clients:
https://mcp.atlassian.com/v1/mcp/authv2
Streamable HTTP endpoint used in API-token and direct bearer-token examples:
https://mcp.atlassian.com/v1/mcp
Legacy SSE endpoint documented in upstream metadata:
https://mcp.atlassian.com/v1/sse
Atlassian documents that /v1/sse is no longer supported after June 30, 2026 and recommends moving custom clients to /v1/mcp or /v1/mcp/authv2.
Authentication and Configuration
OAuth 2.1 is the primary and recommended authentication mechanism for interactive user-driven scenarios. The MCP client starts the Atlassian authorization flow, receives an access token, and sends it as an Authorization: Bearer ... header.
API-token authentication is optional and must be enabled by an organization admin. It is intended for non-interactive or machine-to-machine setups and uses either Authorization: Basic <base64(email:api_token)> for personal API tokens or Authorization: Bearer <api_key> for service account API keys.
The hosted remote endpoint has no documented runtime environment variables. The API-token endpoint uses an Authorization header supplied by the client.
Capabilities
Capabilities include reading, searching, creating, and updating Jira work; reading, searching, creating, and updating Confluence pages/comments; Jira Service Management operations via API token; Bitbucket Cloud repository, pull request, pipeline, deployment, and environment operations via API token; Compass component operations via OAuth; Atlassian user/resource discovery; Teamwork Graph context/object operations; and Rovo natural-language search/fetch across Jira and Confluence.
Limitations and Security Notes
Tool availability depends on authentication method, granted scopes, organization settings, product access, and user permissions. Jira Service Management and Bitbucket Cloud tools are API-token only. Compass tools are OAuth only. API tokens are not bound to a specific cloudId and do not use OAuth redirect/domain allowlist validation. MCP clients can perform actions with the user's existing permissions, so Atlassian recommends least privilege, reviewing high-impact changes, and monitoring audit logs for unusual activity.