A pop-up survey could appear while you're here --curious what it's for? Click here to learn more!

×
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Why does API REST say my valid login ID are unauthorized?

Jef Lee
Jef Lee
June 24, 2019

I previously used the API to add comments to JIRA issues from a VB6 IDE add-in. Then it stopped working. Now we need it to work again. I found this suggested cURL command but the response is Unauthorized (401). Here's the command that I call from a batch file:

C:\tools\curl\bin\curl -k -u "MyName:MyPassword" -X POST "https://itvision.atlassian.net/rest/api/3/issue/SYN-11/comment" -H "Content-Type: application.json" --data "This is a test. Please ignore it. Thanks."

The SYN-11 JIRA issue exists.

I directed the command output to a text file. It seems to be HTML that says unauthorized. I was going to attach the file but there's no attach button for a file only link or image. So the file is at the bottom of this detail.

When I redirected the output I got additional output to the command window that said:

 % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 23395 0 23354 100 41 27410 48 --:--:-- --:--:-- --:--:-- 27426

That doesn't look great. In the window it looked columnar.

So, the MyName:MyPassword are where I have my name and my password to log into the company's Atlassian cloud. I logged out to prove that my name and password worked - they did. So what is wrong when I try the API REST call?

Thanks

Jef.

Output file content below:

 

 

 

 


<html>

<head>

 

 


<title>Unauthorized (401)</title>

 

 

<!--[if IE]><![endif]-->
<script type="text/javascript" >
var contextPath = '';
var DeferScripts = { deferState: 'disabled' };
</script>

***************

Large section of script cut out from here to make request fit constraints

***************

<div> <script type="text/javascript" crossorigin="anonymous" data-encoding="gzip" src="https://jira-frontend-prod-ap-1.ap-southeast-2.prod.public.atl-paas.net/assets/language-pack.en_UK.b76495a9cf2d362e896b.7.js"></script> </div>
<meta name="application-name" content="JIRA" data-name="jira" data-version="1001.0.0-SNAPSHOT">
</head>
<body id="jira" class="aui-layout aui-style-default page-type-message" data-version="1001.0.0-SNAPSHOT" >
<div class="aui-page-panel"><div class="aui-page-panel-inner">
<section class="aui-page-panel-content">
<header class="aui-page-header"><div class="aui-page-header-inner">
<div class="aui-page-header-main">
<h1>Unauthorized (401)</h1>
</div><!-- .aui-page-header-main -->
</div><!-- .aui-page-header-inner --></header><!-- .aui-page-header -->
<div class="aui-message aui-message-warning warning">
<p>Encountered a <code>&quot;401 - Unauthorized&quot;</code> error while loading this page.</p>
<p><a href="/secure/MyJiraHome.jspa">Go to Jira home</a></p>
</div>
</section><!-- .aui-page-panel-content -->
</div><!-- .aui-page-panel-inner --></div><!-- .aui-page-panel -->
</body>
</html>

Answer
Watch
Like Be the first to like this
1314 views

1 answer

1 accepted

1 vote
Answer accepted
Alexey Matveev
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 24, 2019

Hello,

You need to use the API token instead of the password. 

https://confluence.atlassian.com/cloud/api-tokens-938839638.html

View More Comments
Jef Lee
Jef Lee
June 24, 2019

Thank you Alexey.

I will try to do that.

Jef

Like
Jef Lee
Jef Lee
June 24, 2019

Thank you Alexey, that worked.

As a newcomer, I do not know if I should make this a new question or if it is considered part of this one. 

This is the request now:

C:\tools\curl\bin\curl -D- -X POST -H "Authorization: Basic ***Token Here***" -H "Content-Type: application/json" --data "{ \"body\":\"This is a test. Please ignore it. Thanks.\", \"visibility\": { \"type\": \"role\", \"value\": \"Administrators\" } }" https://itvision.atlassian.net/rest/api/2/issue/SYN-11/comment > junk.html

I got this HTML response:

HTTP/2 404 server: AtlassianProxy/1.15.8.1 vary: Accept-Encoding cache-control: no-cache, no-store, no-transform content-type: application/json;charset=UTF-8 strict-transport-security: max-age=315360000; includeSubDomains; preload date: Tue, 25 Jun 2019 05:48:02 GMT atl-traceid: f3b34f4ef25adf9a x-arequestid: bd83bf60-5ed2-4384-89bd-4bbb9367472d x-xss-protection: 1; mode=block timing-allow-origin: * x-content-type-options: nosniff set-cookie: atlassian.xsrf.token=BXK0-SOVR-6UJG-0M24_e8cc2d4ab6f2d93357f0e0ecc279fbbf55851de3_lout; Path=/; Secure {"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

The issue exists and I should have access according to my superiors.

Any suggestions...

Like
Alexey Matveev
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 24, 2019

Use this rest api method to get the user under whom you connected

https://developer.atlassian.com/cloud/jira/platform/rest/v3/?utm_source=%2Fcloud%2Fjira%2Fplatform%2Frest%2F&utm_medium=302#api-rest-api-3-myself-get

Like
Andy Heinzer
Andy Heinzer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 25, 2019

@Jef Lee There is an error in your REST API call that is causing this bad request error:

You appear to have just tried to use the API token itself directly in the auth header of:

curl -D- -X POST -H "Authorization: Basic ***Token Here***" -H "Content-Type: application/json"

However you can't just supply that token as a replacement for a password.  Instead you need to first encode your emailaddress:API_Token into a base64 string and supply that in the auth header.  Details in Basic auth for REST APIs :

Supplying basic auth headers

If you need to, you may construct and send basic auth headers yourself. To do this you need to perform the following steps:

  1. Generate an API token for Jira using your Atlassian Account: https://id.atlassian.com/manage/api-tokens.
  2. Build a string of the form useremail:api_token.
  3. BASE64 encode the string.
  4. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:
curl -D- \
-X GET \
-H "Authorization: Basic ZnJlZDpmcmVk" \
-H "Content-Type: application/json" \

Try this instead.  It should let you authenticate properly if encoded and supplied in the format expected.

Regards,

Andy

Like
Jef Lee
Jef Lee
June 25, 2019

Thanks again Alexey.

After struggling with the cURL sample for that rest api method and getting fails, I dropped the visibility definition and the bulk of the body settings settling for just "body": "text of the comment here". And it finally worked. It's simplistic, but it works. We didn't need anything fancy just the ability to add a simple comment tracking the development of a component in our product. I also changed the Authorization type in the example from "Bearer" to "Basic". The "Bearer" type did not work, but "Basic" type that I had seen somewhere else does. I hadn't read your latest message by then. Thanks for confirming that I did the right thing.

One last question (or set of questions) and I think I'm done.

I assume each developer needs his/her own token because it seems to use your Atlassian login somehow in building the token. 

So, how long does a token last?
Is it indefinite?
Or must it be replenished periodically?
Is it bound to the developer's login credentials? I think that's a Yes as I tried to use another developer's email address in the encode to base64 and the REST request failed with an access failure. Yet I know she can add comments to that issue because she has done so manually.
Lastly (I hope), if I changed my password would that void my token? 

Thanks again Alexey for all the help. It has moved me forward substantially.

Jef

Like
Jef Lee
Jef Lee
June 25, 2019

Oops.

Sorry Andy. I didn't click that you had supplied the last message about the token, encoding and Basic Authorization.

Thank you Andy for your help too.

Jef

Like
Alexey Matveev
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
June 26, 2019

The token lasts until you remove it. It does not have time expiration.

The token is tied to the user, who created the token. Another user must create his/her own token.

If you change your password, then token will remain.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security