Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

"You don't have permission to create issue in this project" with the Jira API with a service account

Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 29, 2025

I'm creating Jira issues via the v2 RESTful API with a standard user account by using an API token. Everything works fine.

However, if I do the exact same thing with a service account, I get "You don't have permission to create issue in this project".

  • The only thing I changed in the code is the user e-mail and API token (from the standard users' to that of the service account).
  • I've configured the service account's in the exact same way: same app access, same user groups. The user groups give it access to a project with the Developers and Users roles.
  • I created the API token with all Jira classic scopes selected (I want to use granular scopes, and that's what I attempted previously, but I just want to make sure that there's no problem here).

So as far as I understand, this should just work. The standard and service accounts have the same accesses, yet while the standard one works, the service one doesn't. Can somebody provide any hints? Thank you!

1 answer

1 accepted

3 votes
Answer accepted
Dirk Ronsmans
Community Champion
September 29, 2025

Hi @Zoltán Lehóczky ,

Are you using the new build in Service Accounts?

If so, make sure you use the general base url https://api.atlassian.com as a base-url with a organization id instead of [companyname].atlassian.net

Scoped api tokens (and sevice accounts) cannot use the same endpoints (well they can but through a different base url)

More info can be found here:

https://support.atlassian.com/user-management/docs/manage-api-tokens-for-service-accounts/

https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/#3-2-construct-the-request-url

Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 29, 2025

Thank you for your extremely quick reply! Now this is something I wouldn't have figured out easily. Because yes, I'm using the new service accounts.

I changed the base URL, so the issue creation request now POSTs to https://api.atlassian.com/ex/jira/<my cloud ID>/rest/api/2/issue. According to the docs you linked, this is correct. However, I get a 404. Does this point to an authorization issue still, or is it actually a wrong URL?

Dirk Ronsmans
Community Champion
September 29, 2025

Make sure to use the correct id from the site and not the organization Id from the admin hub.

You can get that if you go to admin.atlassian.com and then under "apps" select your site. Then you can take it from the url.

The available resources call doesn't seem to work for me either to get the right id.

 

Zoltán Lehóczky
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 29, 2025

Yeah, that's the ID I'm using. If that matters, the ID is in the URLs like https://admin.atlassian.com/o/<ID here>/products and not https://admin.atlassian.com/s/<ID here> as the docs say. However, the https://<my-site-name>.atlassian.net/_edge/tenant_info endpoint does provide a different, correct ID! And that works with the API requests too. So, thank you for your help!

For anybody stumbling here, be aware, that if you use basic auth (i.e. not OAuth) for API authentication, then you must use the classic scopes, granular ones won't work.

Like Tim Kopperud likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events