1.1 The integration supports the following:
- Creates and updates work items
- Reads org/project metadata
- Reads work item configuration (types, fields, states, picklists)
- Reads user identities (for assignment and user mapping)
- Creates/manages webhook subscriptions (to capture create/update/delete events)
- Supports bi-directional sync using:
- an Azure DevOps Extension (installed in the org/project), and
- an Azure Function (deployed in Azure) to process events and sync changes
Prerequisites (Azure DevOps access)
Why a PAT is required
A Personal Access Token (PAT) is the credential Azure DevOps uses to let the integration call its APIs securely. The PAT is needed to:
- Authenticate API requests from the integration to Azure DevOps
- Authorize actions (read metadata, create/update work items, manage service hooks)
- Limit access by scope (so you grant only the permissions required)
Required user permissions (Azure DevOps)
Organization level
- View organization information
- View users
Project level
- View project-level information
Work Items
- View work items
- Create work items
- Edit work items
Required PAT scopes
- Work Items — Read & Write
- Project and Team — Read
- Graph — Read (read users/groups for assignment and mapping)
- Service Hooks — Read & Write (create/manage webhook subscriptions)
