Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

I am unable to get the API Token working with Postman or CURL

Michael Maliska
Michael Maliska April 29, 2020 edited

I have created an API token.
I am sure it is not revoked and I have recreated it fresh.
I get this error when running via POSTMAN or CURL

{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}[

I am able to get a response via Chrome Browser
https://xxx.atlassian.net/rest/api/3/issue/AUT-1902

But when I do this:
curl -v https://xxx.atlassian.net/rest/api/3/issue/AUT-1902 --user xxx@xxx.com:my_token

I get the above error:
{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}[
< HTTP/1.1 404
< Server: AtlassianProxy/1.15.8.1

This email seems to not even matter I can put anything in there for the email and I get the same error.

 

Answer
Watch
Like Be the first to like this
9025 views

2 answers

1 accepted

1 vote
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 30, 2020

Hi Michael,

I see that you're using Jira Cloud, and you are using an API token to try to authenticate here.  From looking at your error message, I'm convinced that your requests are actually not authenticated correctly here.  This is one possible explanation for why you get that error message.

Last year we deprecated support for basic auth to use passwords and cookie based-authentication for Jira Cloud. We've tried to document this in Basic auth for REST APIs as well.  The bottom of that page has a section I think is relevant in your case:

Authentication challenges

Because Jira permits a default level of access to anonymous users, it does not supply a typical authentication challenge. Some HTTP client software expect to receive an authentication challenge before they will send an authorization header. This means that it may not behave as expected. In this case, you may need to configure it to supply the authorization header, as described above, rather than relying on its default mechanism.

Try following the steps to supply this authorization info via the passed headers in that 2nd link instead.  It does require you to build a string of emailaddress:APItoken and then base64 encode it.  That resulting string is what has to be passed in the header, not the API token itself.  

I know that it was once possible in the past to use the API token in the manner you are using it now, but I believe this change was made intentionally to improve the security aspects of using basic auth here.

Let me know if you have any questions or concerns about following these steps.

Andy

View More Comments
Michael Maliska
Michael Maliska April 30, 2020

Thank you @Andy Heinzer this worked for me.
I had to encode the username:token

Like
Mojammel Hossain
Mojammel Hossain
Contributor
February 22, 2023

@Andy Heinzer encoded the api token with user email but not working in postman even after encoding. Whenever you add 'Basic' prefix, JIRA is responding with 401 unauthorized 

Basic authentication with passwords is deprecated. For more information, see: https://developer.atlassian.com/cloud/confluence/deprecation-notice-basic-auth/

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 22, 2023

@Mojammel Hossain I've seen that error in responses as well.  However when I see it, it tends to be because the encoding wasn't done correctly or the authorization is also attempting to a username outright.

I'd recommend walking through the encoding steps in Basic auth for REST APIs.  I have seen that trying to encode this string in other methods outside our documented steps sometimes includes an extra space, whitespace character, or carriage return.  Which tends to muddle the expected encoded string.

I've tested this just today using postman and it still works for me.  But I tried to mess up my encoded string on purpose and only then do I receive that response of

Basic authentication with passwords is deprecated. For more information, see: https://developer.atlassian.com/cloud/confluence/deprecation-notice-basic-auth/

It appears the system is now defaulting to this response when the current encoded string is not authorizing.

Like
Mojammel Hossain
Mojammel Hossain
Contributor
February 22, 2023

It worked: meticulously followed the base encoding steps; and manually added the auth in the header.. Thanks for the prompt reply

Like
Rickard Yxelflod
Rickard Yxelflod
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 16, 2023

I've tried several times with different tokens, and I can't get it to work. I've followed the steps for base64 encoding the token, trying both Windows and Linux, but I keep getting the same response:

 

400 Bad Request

 

{

    "errorMessages": [

        "Either 'usernames' or 'keys' or 'accountIDs' need to be provided"

    ],

    "errors": {}

}
Like
Mojammel Hossain
Mojammel Hossain
Contributor
May 17, 2023

 

don't add anything in the postman authorization tab; rather add the authorization in the header as key and the encoded string as value 

Like
Reply
0 votes
Randy
Randy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 29, 2020 
curl -i -u xxx@xxx.com:my_token -H "Content-Type: application/json" -X POST -d '"accountId"' https://xxx.atlassian.net/rest/api/3/issue/AUT-1902
View More Comments
Michael Maliska
Michael Maliska May 1, 2020

Thank you @Randy it turned out that the issue was that I needed to base64 encode the username and token

Like Randy likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Upcoming Jira Events