Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Using API Token but get message: "Basic auth with password is not allowed on this instance"

andrzej.gieralt
andrzej.gieralt May 6, 2020

Hello,

 

I am trying to create a way for users to create JIRAs and am very new to the JIRA Rest API. I have created a Token for myself, and am using it in the code using these lines: 

restReq.open "POST", url, false, passw
restReq.send

...where passw is equal to the token surrounded within this: "<...;"

I am getting a message saying "Basic auth with password is not allowed on this instance" but, clearly I am using the Token. Does anyone know how to solve this?

 

Thanks

Answer
Watch
Like Be the first to like this
1321 views

1 answer

1 accepted

0 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 7, 2020

Hi Andrzej,

I see that you're using Jira Cloud, and you are using an API token to try to authenticate here.  But you are getting an error message that indicates you cannot use basic auth with a password, even though this is an API token.  Last year we deprecated support for basic auth to use passwords and cookie based-authentication for Jira Cloud. We've tried to document this in Basic auth for REST APIs as well.  The bottom of that page has a section I think is relevant in your case:

Authentication challenges

Because Jira permits a default level of access to anonymous users, it does not supply a typical authentication challenge. Some HTTP client software expect to receive an authentication challenge before they will send an authorization header. This means that it may not behave as expected. In this case, you may need to configure it to supply the authorization header, as described above, rather than relying on its default mechanism.

Try following the steps to supply this authorization info via the passed headers in that 2nd link instead.  It does require you to build a string of emailaddress:APItoken and then base64 encode it.  That resulting string is what has to be passed in the header, not the API token itself.  Right now, you are technically trying to pass the API token as if it was a password.  This particular error message is letting us know we can't do that.

I know that it was once possible in the past to use the API token in the manner you are using it now, but I believe this change was made intentionally to improve the security aspects of using basic auth here.

Let me know if you have any questions or concerns about following these steps.

Andy

View More Comments
andrzej.gieralt
andrzej.gieralt May 11, 2020

Thank you, it seems it has made some changes but, now I am getting a new error:

 

{"errorMessages":["Unexpected character ('S' (code 83)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')\n at [Source: org.apache.catalina.connector.CoyoteInputStream@341ee091; line: 1, column: 30]"]}

Like
andrzej.gieralt
andrzej.gieralt May 11, 2020

I should clarify, I have an object called restReq created thus: Set restReq = CreateObject("Msxml2.ServerXMLHTTP") and I set its header in the following way and add my JIRA ticket json - is this correct?

 

restReq.open "POST",url, false
restReq.SetRequestHeader "Authorization", "Basic " & base64Encoded
restReq.setRequestHeader "Content-Type", "application/json"
restReq.send strJSONToSend

wl(restReq.responseText)

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 11, 2020

I'm not very familiar with using ServerXMLHTTP, but I ran across the Microsoft documentation on it. It has a section on "Using ServerXMLHTTP to POST XML to an ASP page"

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ms766431(v%3Dvs.85)#using-serverxmlhttp-to-post-xml-to-an-asp-page

I think we could use this as a template, even though we're not posting to an ASP page here.  Your headers look to be ok from what I can see. The data payload is expected to be sent as a JSON format.  But I don't yet understand which REST endpoint in Jira you are trying to call here.  Perhaps if I could see more of the example data and endpoint I could help figure out the proper syntax so that Jira will understand this call.

Jira will respond in a JSON format as well, so it tends to be helpful to try to listen for/capture that json info.  If the call fails, that response tends to give us more clues as to why.

Like
andrzej.gieralt
andrzej.gieralt May 11, 2020

Sorry, the errors are resolved. Thank you for your help!

Like Andy Heinzer likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security