Can access /rest/api/3/project from browser, not with curl

curl -k -u steph.xxxx%40xxxxxxxx.com:AxxxxxxxxxxxxagJLgo -H "Accept: application/json" "https://xxxxx.atlassian.net/rest/api/3/project"

and _all variations therof. base64 encoding also not working. 

the atlassian is behind MSFT SSO and we do not have access to the apps in azure. 

Accessing this endpoint from my browser works. 

The endpoint on my non-MSFT-SSO atlassian instance does work. 

You can try this -

curl 'https://mysite.atlassian.net/rest/api/3/project' --header 'Accept: application/json' --header 'Authorization: Basic mybase64encodedtoken'

Please change mysite and mybase64encodedtoken in your example and retry.

You can construct and send basic auth headers. To do this you perform the following steps:

1. Generate an API token for Jira using your Atlassian Account.
2. Build a string of the form useremail:api_token.
3. BASE64 encode the string.
   • Linux/Unix/MacOS:

     echo -n user@example.com:api_token_string | base64

   • Windows 7 and later, using Microsoft Powershell:

     $Text = ‘user@example.com:api_token_string’
     $Bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
     $EncodedText = [Convert]::ToBase64String($Bytes)
     $EncodedText

4. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:
   

   curl -D- \
   -X GET \
   -H "Authorization: Basic ZnJlZDpmcmVk" \
   -H "Content-Type: application/json" \
   "https://your-domain.atlassian.net/rest/api/2/issue/QA-31"

I tried that - all variations. 

HTTP/2 200
date: Tue, 17 Sep 2024 13:45:19 GMT
content-type: application/json;charset=UTF-8
server: AtlassianEdge
timing-allow-origin: *
x-arequestid: d1bf891d3ca1773eab7f0ae6fedccd0a
x-seraph-loginreason: AUTHENTICATED_FAILED
set-cookie: atlassian.xsrf.token=e7767868c8aaa758ff4b+++++++++++++25846_lout; Path=/; SameSite=None; Secure
cache-control: no-cache, no-store, no-transform
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
atl-traceid: 3d72e0281fbb4d00bd44b315688395db
strict-transport-security: max-age=63072000; includeSubDomains; preload
report-to: {"endpoints": [{"url": "https://dz----v6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}

x-seraph-loginreason: AUTHENTICATED_FAILED 

Suggests that the credentials provided are incorrect, since this is for Jira cloud, please ensure you are using API token generated from your user profile instead of a password for BASE64 encoding.