Using service account to call v3 rest api (e.g Get issue)

Hi there @Harrizontal 

I think I see what’s happening.

In Jira Cloud, getting a 404 (“Issue does not exist or you do not have permission to see it”) usually means authentication is working, but the user behind the API token (your service account) doesn’t actually have permission to view that issue.

Granting app roles and creating an API token (even with read:jira-work) doesn’t automatically give the account access to project issues — Jira still enforces the project permission scheme and issue-level security:
Project permissions: The service account (or a group it belongs to) must have Browse Projects (and typically View Issues) in the project’s permission scheme.

Issue Security (very common): If the project uses an Issue Security Scheme, the service account must also be included in the relevant security level; otherwise Jira will return the same 404 even if the account can browse the project.

The quickest sanity check is: can you log into Jira as that service account and open the issue in the UI (/browse/KEY-123)?
If it can’t see it in the browser, it won’t be able to fetch it via /rest/api/3/issue/{issueIdOrKey} either.

Also worth double-checking that Basic Auth is set up as email address + API token (base64 of email:token) and that you’re calling the correct site URL (https://<your-site>.atlassian.net).

in most cases it comes down to product access + Browse Projects and/or Issue Security.

@Harrizontal i'd like to direct you to this article 

https://community.atlassian.com/forums/Jira-Cloud-Admins-articles/A-Guide-to-Service-Accounts-in-Atlassian-Cloud-Part-3-Service/ba-p/3186388

The main take away here to validate is that you are using the correct endpoint base url. When using a normal account without a scoped token your base url would be your site url. However, if you use a scoped token it would be api.atlassian.com/.... as described in the article.

Can you confirm that you are using the correct url?

Hi @Harrizontal welcome

Give the account a Jira license for the product that hosts the issue (Jira Software vs. Jira Service Management). Without product access, the API can’t see issues. Add the service account (via group/role) to a permission scheme that grants Browse projects for that project. Without  Browse, you’ll get the same 404. If the project uses an Issue Security Scheme, ensure the service account is in a level that can view that issue. Otherwise: 404.
For Jira Service Management issues, the service account often needs agent access to see agent‑only fields/comments; lacking product access can look like a 404.

Hope this helps!

Hey @Harrizontal

Welcome to Atlassian Community!

Service accounts use tokens with scopes, and the format of the base URL is different in this scenario.

The format is {{https://api.atlassian.com/ex/jira/{cloudId}} as explained in this document.

To find the cloud ID, go to admin.atlassian.com > Apps > Sites and select your site. The URL contains your site ID (after /s).

I hope this helps!

Thanks!