Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Required scopes and permissions for /rest/api/3/issue/{issueIdOrKey

Nivi Mor
Nivi Mor October 27, 2025

I want to use the /rest/api/3/issue/{issueIdOrKey endpoint to query issues. I followed the docs and created a token with classic read:jira-work scope. 

When I query an existing issue I get:

{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}%

I even tried granular permissions but got the same result.

If I create non-scoped API token the API works and returns the issue.

As the user who created this token, I have permission to browse the project where the issue is.

What am I missing here?

Answer
Watch
Like Be the first to like this
191 views

2 answers

1 accepted

2 votes
Answer accepted
Gor Greyan
Gor Greyan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 27, 2025

Hi @Nivi Mor

Yes, you are right, Nivi — that behavior happens because API tokens used with Basic authentication don’t use scopes at all.

Scopes are only enforced when you’re using OAuth 2.0 authentication (for example, when an external app integrates with Jira Cloud via the Atlassian platform). In that case, the access token’s scopes (like read:jira-work, write:jira-work, etc.) determine what the app can do.

However, when you use Basic auth with an email + API token, Jira treats the request as if it’s coming directly from your user account, so:

  • It completely ignores OAuth scopes.

  • Your request’s permissions depend only on your Jira account permissions (project browse rights, issue security, etc.).

  • That’s why the non-scoped API token worked, while the scoped OAuth token failed — the latter was missing the required OAuth context or proper cloud ID in the API URL.

Reply
2 votes
Nivi Mor
Nivi Mor October 27, 2025

OK I figured it out. Scopes are only relevant for OAuth 2, not for basic auth.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security