
JIRA REST call responds with a 403

Jan Revis April 13, 2016

Hi,

We have a JIRA connect plugin running in production. We have a user who is experiencing trouble accessing certain resources. I believe I have traced the problem to a REST call to JIRA that is resulting in an error response. It appears that calling /api/2/issue/{issue id}?fields=attachment responds with a 403 error. This appears to be occurring for this specific client. When I checked the online documentation at https://docs.atlassian.com/jira/REST/latest/#api/2/issue-getIssue, the only possible error response is a 404 if the user does not have permission or the issue does not exist. I believe this is not an issue with the JWT token, since an invalid token should result in a 401 error. Another note: the plugin does not propagate the sub field of the JWT token, so the user making the call is the plugin itself.

What conditions would result in a 403 error for this REST call?


1 vote
Answer accepted
peterb
Atlassian Team
April 13, 2016

Hi Jan,

 

The 403 code means "unauthorised": JIRA knows who the user is but they're not allowed to see this resource. Most of JIRA's REST API endpoints can return HTTP 401 or 403 because most reference customer data, which may not be anonymously accessible and even not accessible to all users.

 

I'm unclear on whether you're making this call to the getIssue API from the user's browser or your server. If the former then this particular browser user does not have permission to see this issue. If the latter then the add-on user in this particular JIRA instance lacks permission. Either way you should detect the 403 response and do something appropriate (e.g. tell the user that they lack permission and to ask their administrator if they want to get permission).

 

-Peter
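
One way to act on the advice in the answer above, as an added example that is not part of the original thread and not Atlassian's code: it maps the status of the getIssue call to a diagnosis and uses the presence of the JWT `sub` claim to say which principal was denied. The function names, the add-on key and the sample tokens are constructed; the payload is decoded without signature verification, for diagnostics only.

```javascript
// Added example: function names, add-on key and tokens are constructed.

// Decode (NOT verify) the JWT payload, only to see which principal the call ran as.
function jwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null; // payload was not valid base64url-encoded JSON
  }
}

// Map the status of GET /api/2/issue/{id}?fields=attachment to a diagnosis.
function diagnoseIssueResponse(status, token) {
  const claims = jwtClaims(token);
  // No `sub` claim: the call runs as the add-on itself, as in the question.
  const principal = !claims ? 'unknown principal'
    : claims.sub ? 'user ' + claims.sub : 'add-on user';
  if (status >= 200 && status < 300) return { ok: true, principal, action: 'none' };
  switch (status) {
    case 401: // not authenticated: the token itself was rejected
      return { ok: false, principal: 'unknown', action: 'check-jwt',
               message: 'Request was not authenticated; check the JWT.' };
    case 403: // authenticated, but this principal may not see the resource
      return { ok: false, principal, action: 'ask-admin',
               message: 'The ' + principal + ' lacks permission for this issue; ' +
                        'ask your JIRA administrator for access.' };
    case 404: // documented response: no permission or no such issue
      return { ok: false, principal, action: 'not-found-or-hidden',
               message: 'Issue does not exist or is not visible to the ' + principal + '.' };
    default:
      return { ok: false, principal, action: 'retry-or-report',
               message: 'Unexpected HTTP ' + status + ' from JIRA.' };
  }
}

// Constructed sample tokens (the signature part is a dummy string).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(claims) + '.sig';
}
const addonToken = makeToken({ iss: 'com.example.addon' });
const userToken = makeToken({ iss: 'com.example.addon', sub: 'jdoe' });

console.log(diagnoseIssueResponse(403, addonToken).message);
```

Logging the returned `principal` and `action` next to the issue id gives an administrator enough to tell a per-instance permission gap from a token problem.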
