Community
Products
Jira
Questions
Getting 403 when using Jira Deployments API

Getting 403 when using Jira Deployments API

Hi,

We want to push deployment information from our CI/CD stack into Jira using Deployments API (this). However, the endpoint fails with HTTP 403.

I have created a token using api-tokens endpoint. Calling `/rest/api/3/myself` endpoint works fine, and it returns HTTP 200. So the token is valid.

Below is curl request (without the company domain, and username/ token details), and the response we are getting. What could be the issue here?

curl -D- --location 'https://<my_company_domain>.atlassian.net/rest/deployments/0.1/bulk' \
-u <user>:<token> \
--header 'Content-Type: application/json' \
--data '{
"deployments": [
{
   "deploymentSequenceNumber": 100,
   "updateSequenceNumber": 1,
   "displayName": "Deployment number 16 of Data Depot",
   "url": "http://mydeployer.com/project1/1111-222-333/prod-east",
   "description": "The bits are being transferred",
   "lastUpdated": "2018-01-20T23:27:25.000Z",
   "label": "Release 2018-01-20_08-47-bc2421a",
   "duration": 47,
   "state": "in_progress",
   "pipeline": {
   "id": "e9c906a7-451f-4fa6-ae1a-c389e2e2d87c",
   "displayName": "Data Depot Deployment",
   "url": "http://mydeployer.com/project1"
},
   "environment": {
      "id": "8ec94d72-a4fc-4ac0-b31d-c5a595f373ba",
"displayName": "US East",
      "type": "production"
},
      "schemaVersion": "1.0"
    }
],
"providerMetadata": {
     "product": "Bamboo 6.10.2"
    }
}'
HTTP/2 403
date: Tue, 17 Dec 2024 13:34:48 GMT
content-type: text/html;charset=UTF-8
server: AtlassianEdge
timing-allow-origin: *
x-arequestid: f050f4a485459a32585d0a07ad655af8
set-cookie: atlassian.xsrf.token=44d71bbad6dbbbf580ccfe5be5bba8a5783070ca_lin; Path=/; SameSite=None; Secure
x-aaccountid: <redacted>
cache-control: no-cache, no-store, no-transform
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
atl-traceid: 4f17aba2b91f4c978d9053dc38d9c9d5
atl-request-id: 4f17aba2-b91f-4c97-8d90-53dc38d9c9d5
strict-transport-security: max-age=63072000; includeSubDomains; preload
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
server-timing: atl-edge;dur=235,atl-edge-internal;dur=23,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1"

2 answers

1 accepted

1 vote

Answer accepted

D'oh, I completely forgot that this API does not work with the regular user API token.

Instead you need to create dedicated OAuth 2.0 credentials as a site-admin, as outlined in Integrating Jira Software Cloud with on-premises tools:

Jira Software Cloud provides OAuth 2.0 credentials that you can use to integrate Jira Software Cloud with on-premises (self-hosted) tools. [...]

This page provides instructions on implementing OAuth 2.0 authorization and calling the builds API, deployments API, development information API, and feature flags API.

Note that the Authorization flow is a slightly more complex multi-step handshake rather than the simple one based on long-term API tokens.

The referenced link where to get the credentials is broken, a variation is still available at Integrating with self-hosted tools using OAuth though:

Select > Apps.

From the sidebar, select OAuth credentials.

Select Create credentials.

Enter the following details:

App name - The name of the tool. This will display in your list of credentials.

Server base URL - A URL to the tool you're integrating with, used for future actions from the Jira issue view.

Logo URL - A URL to the tool’s logo, which will be used as an icon in the list of credentials.

Permissions - The permissions that the app has to call the DevOps related APIs.

Select Create.

Here's how that form looks like at a high level (more details when you select specific providers):

Good luck!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thank you! That looks like the right way to go. We are reaching out to our Jira admin to help us get OAuth2 creds.

For the record, there are several different articles that explain how to do this, posting the links here, hope this will be useful for someone:

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Steffen Opel _Utoolity_ likes this

0 votes

Hi @Darius Damalakas, and welcome to the Atlassian Community!

I think you just added an additional slash '/' in your REST API path (happens to me all the time when copying example URLs like '/rest/deployments/0.1/bulk' from docs to the browser) - compare:

// 403: https://<my_company_domain>.atlassian.net//rest/deployments/0.1/bulk
// 200: https://<my_company_domain>.atlassian.net/rest/deployments/0.1/bulk

Cheers,
Steffen

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks! Completely missed that. I've had a `host` variable in Postman ending with a slash.

Updated the question, and retried, still same 403 response.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Steffen Opel _Utoolity_ likes this

Suggest an answer

Was this helpful?

Thanks!

Jira

DEPLOYMENT TYPE

CLOUD

PRODUCT PLAN

PREMIUM

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Getting 403 when using Jira Deployments API