Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"You don't have permission to create issue in this project" with the Jira API with a service account

Zoltán Lehóczky
Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 29, 2025

I'm creating Jira issues via the v2 RESTful API with a standard user account by using an API token. Everything works fine.

However, if I do the exact same thing with a service account, I get "You don't have permission to create issue in this project".

  • The only thing I changed in the code is the user e-mail and API token (from the standard users' to that of the service account).
  • I've configured the service account's in the exact same way: same app access, same user groups. The user groups give it access to a project with the Developers and Users roles.
  • I created the API token with all Jira classic scopes selected (I want to use granular scopes, and that's what I attempted previously, but I just want to make sure that there's no problem here).

So as far as I understand, this should just work. The standard and service accounts have the same accesses, yet while the standard one works, the service one doesn't. Can somebody provide any hints? Thank you!

Answer
Watch
Like Be the first to like this
635 views

1 answer

1 accepted

3 votes
Answer accepted
Dirk Ronsmans
Dirk Ronsmans
Community Champion
September 29, 2025

Hi @Zoltán Lehóczky ,

Are you using the new build in Service Accounts?

If so, make sure you use the general base url https://api.atlassian.com as a base-url with a organization id instead of [companyname].atlassian.net

Scoped api tokens (and sevice accounts) cannot use the same endpoints (well they can but through a different base url)

More info can be found here:

https://support.atlassian.com/user-management/docs/manage-api-tokens-for-service-accounts/

https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/#3-2-construct-the-request-url

View More Comments
Zoltán Lehóczky
Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 29, 2025

Thank you for your extremely quick reply! Now this is something I wouldn't have figured out easily. Because yes, I'm using the new service accounts.

I changed the base URL, so the issue creation request now POSTs to https://api.atlassian.com/ex/jira/<my cloud ID>/rest/api/2/issue. According to the docs you linked, this is correct. However, I get a 404. Does this point to an authorization issue still, or is it actually a wrong URL?

Like
Dirk Ronsmans
Dirk Ronsmans
Community Champion
September 29, 2025

Make sure to use the correct id from the site and not the organization Id from the admin hub.

You can get that if you go to admin.atlassian.com and then under "apps" select your site. Then you can take it from the url.

The available resources call doesn't seem to work for me either to get the right id.

 

Like
Zoltán Lehóczky
Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 29, 2025

Yeah, that's the ID I'm using. If that matters, the ID is in the URLs like https://admin.atlassian.com/o/<ID here>/products and not https://admin.atlassian.com/s/<ID here> as the docs say. However, the https://<my-site-name>.atlassian.net/_edge/tenant_info endpoint does provide a different, correct ID! And that works with the API requests too. So, thank you for your help!

For anybody stumbling here, be aware, that if you use basic auth (i.e. not OAuth) for API authentication, then you must use the classic scopes, granular ones won't work.

Like Tim Kopperud likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security