Currenty, I have a stack of automation in place, that revolves around Jira API. Managing tickets, getting updates, commenting, etc.
Now it seems that Atlassian has enforced captcha checks for API's that are meant (?) to be used by other non-human systems. I'm receiving `HTTP/2 405 Not Allowed` for all requests, even to get diagnostic information from the cloud instance. For me it makes little sense, as well as indicates a bit of possible AWS WAF / Cloudfront misconfiguration on Atlassian side.
Example request:
```
curl -H 'Authorization: Bearer <JIRA_API_TOKEN>' 'https://acme.atlassian.net/rest/api/3/search?jql=project%3D%22AB%22+ORDER+BY+created+DESC&startAt=0&maxResults=100' -vv
```
and get the following (truncated due to verbosity):
```
> Host: acme.atlassian.net
> User-Agent: curl/8.12.1
> Authorization: Bearer <JIRA_API_TOKEN>
< HTTP/2 405
< server: CloudFront
< x-amzn-waf-action: captcha
< access-control-allow-headers: x-amzn-waf-action
< x-cache: Error from cloudfront
< via: 1.1 ff9802edfc33ac761711281d7826a1f8.cloudfront.net (CloudFront)
< x-amz-cf-pop: BUD50-P1
< x-amz-cf-id: ft02DRubTu_Tf-YbBFyVCdZTe40GJTOcBOAw7iqwICaLzm59rI3AKQ==
...
<title>Human Verification</title>
...
script src="https://99a173f17960.7e8ef487.eu-north-1.token.awswaf.com/99a173f17960/52be4ea59000/39cb15f4a9e2/challenge.js"
script src="https://99a173f17960.7e8ef487.eu-north-1.captcha.awswaf.com/99a173f17960/52be4ea59000/39cb15f4a9e2/captcha.js"
...
```
This change, virtually has cut off all the users and companies automation built on top of Jira APIs, greatly decreasing productivity, because now all the automated things need to be done manually via Jira web app.
Should I ask my jira product admin to raise an official support ticket, or is there any documentation that unequivocally states that even M2M API requests need to pass AWS WAF / AWS Cloudfront CAPTCHA checks?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.