I'm creating Jira issues via the v2 RESTful API with a standard user account by using an API token. Everything works fine.
However, if I do the exact same thing with a service account, I get "You don't have permission to create issue in this project".
So as far as I understand, this should just work. The standard and service accounts have the same accesses, yet while the standard one works, the service one doesn't. Can somebody provide any hints? Thank you!
Hi @Zoltán Lehóczky ,
Are you using the new build in Service Accounts?
If so, make sure you use the general base url https://api.atlassian.com as a base-url with a organization id instead of [companyname].atlassian.net
Scoped api tokens (and sevice accounts) cannot use the same endpoints (well they can but through a different base url)
More info can be found here:
https://support.atlassian.com/user-management/docs/manage-api-tokens-for-service-accounts/
https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/#3-2-construct-the-request-url
Thank you for your extremely quick reply! Now this is something I wouldn't have figured out easily. Because yes, I'm using the new service accounts.
I changed the base URL, so the issue creation request now POSTs to https://api.atlassian.com/ex/jira/<my cloud ID>/rest/api/2/issue. According to the docs you linked, this is correct. However, I get a 404. Does this point to an authorization issue still, or is it actually a wrong URL?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Make sure to use the correct id from the site and not the organization Id from the admin hub.
You can get that if you go to admin.atlassian.com and then under "apps" select your site. Then you can take it from the url.
The available resources call doesn't seem to work for me either to get the right id.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah, that's the ID I'm using. If that matters, the ID is in the URLs like https://admin.atlassian.com/o/<ID here>/products and not https://admin.atlassian.com/s/<ID here> as the docs say. However, the https://<my-site-name>.atlassian.net/_edge/tenant_info endpoint does provide a different, correct ID! And that works with the API requests too. So, thank you for your help!
For anybody stumbling here, be aware, that if you use basic auth (i.e. not OAuth) for API authentication, then you must use the classic scopes, granular ones won't work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.