Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Jira Cloud Platform or Jira Software Cloud - POST

Santosh Ojha June 2, 2020

Hi champs

I am trying to create issue through Postman and later on using my program. I am able to read details but not able to write back/create issue. Since I am doing POC, currently using free plan.

 

I am getting 403 - Forbidden on POST call. There is no option to enable it.

 

Thanks,

2 answers

0 votes
Santosh Ojha June 17, 2020

@Dario B 

I tried this option but getting same error with this header too. Let me answer your questions here.

  1. I using access_token to connect. My GET is working without any issue.
  2. Confirm the endpoint used and provide the request body

http://xxxxxx.atlassian.net/rest/api/3/issue 

       {

"fields": {
"projects": {
"key": "TES"
},
"summary": "create issue",
"issueType": {
"name": "Task",
"subtask": false
},
"priority": {
"name": "Medium"
}
}

}

3.  Yes, I am using same instance and last attempt 6.25 PM IST ( GMT+5.30)

Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 17, 2020

Hello @Santosh Ojha ,

The body you are sending with your request has some typos. If I use it I get error 400 in return because:

  • it is using "projects" instead of "project"
  • it is using "issueType" instead of "issuetype"


After correcting above properties I am able to successfully run the REST call:

curl -u <EMAIL-ADDRESS>:<API-TOKEN> -D- -H 'Accept: application/json' -H 'Content-Type: application/json' --data '{"fields":{"project":{"key":"TKPF"},"summary":"create issue","issuetype":{"name":"Task","subtask":false},"priority":{"name":"Medium"}}}' -X POST "https://XXX.atlassian.net/rest/api/3/issue"

HTTP/2 201
server: AtlassianProxy/1.15.8.1
cache-control: no-cache, no-store, no-transform
content-type: application/json;charset=UTF-8
strict-transport-security: max-age=315360000; includeSubDomains; preload
date: Wed, 17 Jun 2020 16:46:05 GMT
[...]

{"id":"10002","key":"TKPF-3","self":"https://XXX.atlassian.net/rest/api/3/issue/10002"}

 

 

Can you kindly run below request using Curl (replace <EMAIL-ADDRESS> and <API-TOKEN> with the correct values) and paste the output of the command in here like I did above?

curl -u <EMAIL-ADDRESS>:<API-TOKEN> -D- -H 'Accept: application/json' -H 'Content-Type: application/json' --data '{"fields":{"project":{"key":"TES"},"summary":"create issue","issuetype":{"name":"Task","subtask":false},"priority":{"name":"Medium"}}}' -X POST "http://bhoran.atlassian.net/rest/api/3/issue" 

 

 

Cheers,
Dario

Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 17, 2020

@Santosh Ojha ,

Also, in the logs I can see:

2020-06-17 14:56:39.839WARNcom.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilterUse of the 'nocheck' value for X-Atlassian-Token has been deprecated since rest 3.0.0. Please use a value of 'no-check' instead.  

2020-06-17 14:56:39.841WARNcom.atlassian.plugins.rest.common.security.jersey.XsrfResourceFilterAdditional XSRF checks failed for request: https://bhoran.atlassian.net/rest/api/3/issue , origin: null , referrer: null , credentials in request: true , allowed via CORS: false  

 

Apparently there is a typo in here as well: in the header you should use "no-check" instead of "nocheck".

This was also mentioned in the already provided KB to solve this issue: 

Resolution

To call protected APIs from external systems you can add the X-Atlassian-Token header to each request, setting the value to no-check. Adding this header to a request bypasses the server-side XSRF check and allows the request to be fulfilled.

 

So, to summarize:

  • In the request body:
    • use "project" instead of "projects"
    • use "issuetype" instead of "issueType"
  • In the request header:
    • Use "X-Atlassian-Token: no-check" instead of "X-Atlassian-Token: nocheck"

 

 

Cheers,
Dario
 

0 votes
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 5, 2020

Hello @Santosh Ojha ,

Welcome to the Atlassian Community!

I am able to create issues via REST API in my free instance without any problem:

postman-create-issue-free.jpg

 

In the ticket you previously created I can read that you are able to send the same call to your Jira Server instance while you get 403 in Cloud.

If that's the case, then:

  1. Please make sure you are using email address and API Token to authenticate the REST API calls instead of username and password (basic auth with username and password has been deprecated long time ago in Cloud)
  2. Confirm the endpoint used and provide the request body
  3. Confirm you are sending the REST API requests to the instance BXXXXN.ATLASSIAN.NET and let us know time date and timezone of the last time you tried to create an issue via REST API

 

Cheers,
Dario

Santosh Ojha June 5, 2020

@Dario B I tried couple of days back and will try again today to check. As I mentioned before, get request is going successful but 403 is there on POST only.

Will check this again and update.

I tried but no luck. Do you need to pass anything other than Authorization and content-type in header ? I tried on V2 as well but no luck.

Any setting need to be enable in cloud profile or project setting ?

It is working fine in local setup.

JIRA_cloud.JPG

Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 9, 2020

Hello @Santosh Ojha ,

In the provided screenshot I can see that the error returned is actually XSRF check failed. In this case you may want to check below KB:

 

In case above KB does not work please answer the question I asked in my previous post.

 

Cheers,
Dario

Like Santosh Ojha likes this
Santosh Ojha June 17, 2020

@Dario B 

Thank you buddies for your all guidance and help. It was very basic error. I was using http instead of https. After change, I started getting 400 and it worked after input correction.

"X-Atlassian-Token: no-check" is not required if user use is not admin.

Like Dario B likes this
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 18, 2020

You are welcome @Santosh Ojha , happy to know the issue is solved! :) 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events