Having problems with Jira scope for rule management API

Wills Seet October 26, 2025

Hi all

I am trying to use a Jira service account to perform API calls with Jira automation rules.

https://developer.atlassian.com/cloud/automation/rest/intro/#about

 

Using the service account, I created an API token credential. I granted all Jira classic scopes to this API token but keep getting the following error.

{"code":401,"message":"Unauthorized; scope does not match"}

 

Can anyone advise what could be the issue?

 

1 answer

0 votes
Peter_DevSamurai
Atlassian Partner
October 26, 2025

Hi @Wills Seet ,

This is a common issue and you're on the right track! The issue is likely: (1) using site REST URLs instead of the Atlassian API gateway for scoped auth, or (2) missing the exact "manage:jira-automation" scope. 

1. Confirm/Regenerate Token with Precise Scope:

2. Use the Correct Endpoint & Auth:

I hope the below links are helpful for you:

Hope everything works well for you.

Best, 

Peter

Wills Seet October 26, 2025

Hi Peter,

 

Could you please advise where I would locate manage:jira-automation? When I select granular scopes, I couldn't find this particular scope at all.

Appreciate your assistance. Thanks.

Screenshot 2025-10-26 at 11.03.03 PM.png

Wills Seet October 26, 2025

Also, in the documentation guide

https://developer.atlassian.com/cloud/automation/rest/api-group-rule-management/#api-rest-v1-rule-ruleuuid-get

 

The URL format indicated to be used is as such.

https://api.atlassian.com/automation/public/{product}/{cloudid}/rest/v1/rule/{ruleUuid}

but you mentioned the base URL to be https://api.atlassian.com/ex/jira/{cloudId}/rest/automation/2.0/

 

In this case, what should the format of the URL be to get the rule by rule UUID?

Peter_DevSamurai
Atlassian Partner
October 26, 2025

Hi @Wills Seet , 

1) I apologize for the mix-up—it's actually named "manage:jira-configuration". This granular scope allows CRUD on automation rules without over-privileging. (Reference: Jira scope for OAuth 2.0 / API token scope from Jira REST API).

Where to find it:

  • Atlassian Account > Security > Create API token > Granular scopes.
  • Search: Type "manage:jira-configuration" (or just "configuration"—it auto-suggests).
    • If nothing: Filter by App = Jira Settings (not "Jira Software" or "Automation") > Scope type = "manage" > Actions = "Manage Jira global settings."
  • Select it > Create token. (Your screenshot shows 0 results because the search might need the full phrase or category filter—try "jira-configuration" without "manage:".)
  • Note: If still missing, fall back to the classic scope "write:jira-config" (covers config writes, including rules). Test with a minimal token first :)


2) You're right! The docs use the site-direct format for API tokens (Basic Auth: email:token base64-encoded). My earlier /ex/jira/ suggestion is for OAuth 2.0 (3LO) apps only:

  • Full Endpoint: https://{your-site}.atlassian.net/rest/automation/latest/rule/{ruleUuid} (use /latest or /2.0 for stability; /v1 is legacy).

  • Example cURL (You should replace placeholders):

  • No Cloud ID needed here (that's for /ex/ paths). If you get 401 again, confirm the token's scope includes config management and the service account has Jira admin perms.

Hope the links below are helpful for you and work well for you:
- Endpoints & Auth

Best, 

Peter

 

Wills Seet October 26, 2025

I created a new API token with just the manage:jira-configuration scope and used the URL format you suggested without {cloudid}, but I am getting the following 404 HTML response back. I saved the HTML and rendered it, as shown in the screenshot below.

Also, how do you verify that the service account has Jira admin perms? Please see the 2nd screenshot below.

Screenshot 2025-10-27 at 12.12.10 AM.png

Screenshot 2025-10-27 at 12.22.12 AM.png

Peter_DevSamurai
Atlassian Partner
October 26, 2025

Hi @Wills Seet , 

The first one (404 "dead link" page) looks like a standard Atlassian "oops" for an invalid URL, but it's actually the service account management view (not the API response itself—API 404s usually return JSON like {"errorMessages":["No such rule"]}).
The second confirms your service account setup. The 404 likely stems from the endpoint path (Automation is under /automation/latest/, not a JSM-specific one) or the service account lacking project access for rules. "manage:jira-configuration" is correct for scopes, but the account needs Jira admin for rule ops.

1) Fix the 404—Correct Endpoint & Test:

  • Use This Exact URL: https://{your-site}.atlassian.net/rest/automation/latest/rule/{ruleUuid} (ex: replace {your-site} with yoursite.atlassian.net and {ruleUuid} with a real ID from your rules list). Use /latest for stability.

  • cURL Test (Basic Auth):

    • curl -u 'your-service-email:{api-token}' \
      -H 'Accept: application/json' \
      https://{your-site}.atlassian.net/rest/automation/latest/rule/{ruleUuid}
    • If 404 persists: Try a simple GET first: /rest/automation/latest/rules (lists all rules—needs admin). Or, ensure the ruleUuid exists (grab from UI: Automation > Rules > Copy ID).

  • Scope/Token Refresh: Regenerate the token (scopes can cache oddly). If using Postman, double-check Basic Auth encoding.

2) Verify Admin permission

  • Log in as a site/org admin (not the service account) > Go to Settings (gear icon) > User management > Users.
  • Search for the service account email > Click it > Under Permissions, check if "Jira administrators" or "Jira system administrators" is listed (or if it's in the jira-administrators group via Groups tab). (Refer to this similar post)
  • To add: Edit user > Add to jira-administrators group (global perm for rule management).
    • API Check (if you have a working token): GET /rest/api/3/mypermissions—look for "havePermission": true under ADMINISTER (global). (Refer: Manage global permission)

Note: The "dead link" screenshot is just the service accounts UI (scb-service-jsm) so it's not the API output :)

Best, 

Peter
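
Added example (not part of any post in this thread, and not Atlassian's code): a Python helper that tells apart the response types discussed above, the JSON 401 "scope does not match", an HTML 404 page, and a JSON 404, and reads ADMINISTER from a /rest/api/3/mypermissions body. Function names and the sample HTML and permissions bodies are constructed for illustration; the URL template is the one quoted from the documentation earlier in the thread.

```python
import base64
import json

# URL template as quoted from the Automation REST docs earlier in this thread.
RULE_URL = ("https://api.atlassian.com/automation/public/"
            "{product}/{cloudid}/rest/v1/rule/{ruleUuid}")


def basic_auth_headers(email: str, api_token: str) -> dict:
    """API-token Basic auth: base64 of 'email:token'. Keep this header out of logs."""
    raw = f"{email}:{api_token}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii"),
            "Accept": "application/json"}


def diagnose(status: int, content_type: str, body: str) -> str:
    """Classify a response so an HTML error page is not mistaken for API output."""
    if "json" not in content_type.lower():
        return "not-api-output"      # e.g. an HTML 404 page, not a REST reply
    try:
        payload = json.loads(body)
    except ValueError:
        return "malformed-json"
    message = str(payload.get("message", "")) if isinstance(payload, dict) else ""
    if status == 401 and "scope does not match" in message:
        return "scope-mismatch"      # the error body from the first post
    if status in (401, 403):
        return "auth-error"
    if status == 404:
        return "api-not-found"       # JSON 404 returned by an API route
    return "ok" if 200 <= status < 300 else "other-error"


def has_global_admin(mypermissions_body: str) -> bool:
    """True if a /rest/api/3/mypermissions body grants ADMINISTER."""
    perms = json.loads(mypermissions_body).get("permissions", {})
    return perms.get("ADMINISTER", {}).get("havePermission") is True


# Sample inputs: the 401 body is from the thread, the other two are constructed.
SCOPE_401 = '{"code":401,"message":"Unauthorized; scope does not match"}'
HTML_404 = "<html><body><h1>Page not found</h1></body></html>"
PERMS = '{"permissions":{"ADMINISTER":{"key":"ADMINISTER","havePermission":false}}}'

if __name__ == "__main__":
    print(RULE_URL.format(product="jira", cloudid="<cloud-id>", ruleUuid="<rule-uuid>"))
    print(diagnose(401, "application/json", SCOPE_401))
    print(diagnose(404, "text/html; charset=utf-8", HTML_404))
    print(has_global_admin(PERMS))
```
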

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin