Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

401 Trying to use Insight API

Edited

Main Error

I keep getting 401 Unauthorized when trying to GET https://api.atlassian.com/jsm/insight/workspace/{WorkspaceID}/v1/iql/objects

 

Actually anything under https://api.atlassian.com/jsm/insight/workspace/{WorkspaceID}/v1/ returns a 401 at this point  

Troubleshooting bits

Question

At this point I'm not sure which URL and Auth method I should be using tbh. The documentation seems a bit obscure :(

Which documentation should I be looking at?

Huge thanks in advance :)

1 answer

1 vote
Andy Heinzer Atlassian Team Nov 02, 2021

Hi Dalmiro,

Sorry to hear about this problem.  It looks like you're using Jira Cloud, but the document you reference here appears to be the older server edition of Insight.  For Jira Service Management Cloud's Insights API, please check out https://developer.atlassian.com/cloud/insight/intro/introduction-and-basics/

It has a brief overview of how authorization is expected depending on the types of calls being made here.  But then it also has a link to the detailed endpoints documentation such as https://developer.atlassian.com/cloud/insight/rest/

Try that and let me know if you run into any problems here.

Andy

Thanks for getting back to me Andy :)

Based on that doc I should be able to GET https://api.atlassian.com/jsm/insight/workspace/[workspaceID]/v1/iql/objects , right?

If I do the above I keep getting 401s even though:

  • Those same credentials are getting me through https://{mysite}/rest/servicedeskapi/insight/workspace which is from where I got the WorkspaceID
  • I can browse Insight from the Web UI and look at objects just fine.

 

Am I lacking some kind of permission that only matters at an API level? If so, is there some doc that I can send my administrators to convince them to get me the permissions?

 

Thanks!

Andy Heinzer Atlassian Team Nov 04, 2021

Yes, that call should work.  There is no separate API permission restriction to my knowledge.  If your account can view this information in the web GUI, then making REST calls with the same account credentials should return the same results.

But if you're seeing a 401 error, this is a pretty clear indication that authorization is either failing or your account here doesn't have the ability to see this. 

Which method to authenticate to the REST API are you using in your call?  (Basic Auth, OAuth, a Connect or Forge App, etc?)

I'm using Basic Auth with my company email and a token I created for this task. I'm getting the same result from Postman and regular Curl

curl -D- \
-u my.user@company.com:P4$$w0Rd \
-X GET \
-H "Content-Type: application/json" \
https://api.atlassian.com/jsm/insight/workspace/{WorkspaceID}/v1/iql/objects

 

HTTP/2 401
server: envoy
cache-control: no-cache, no-store, max-age=0, must-revalidate
strict-transport-security: max-age=315360000; includeSubDomains; preload
date: Thu, 04 Nov 2021 21:19:44 GMT
x-request-id: 28c8a05cb7526bf4
expires: 0
pragma: no-cache
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 78
x-content-type-options: nosniff
x-trace-id: 28c8a05cb7526bf4
x-frame-options: SameOrigin
expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400
content-length: 0


Another thing that confuses me is that all the GET calls I see when browsing Insight from JIRA and the browser`s developer tools look like this one:

https://insight-cloud.riada.io/rest/insight/1.0/global/config/object?objectschemaid=1&objecttypeid=7&_=1636060927480

 

Is that rool URL the expected one?

Andy Heinzer Atlassian Team Nov 05, 2021

With basic auth in Atlassian Cloud, we have deprecated the use of a password.  While you can still use a token, I have seen other users report that trying to use the token in the same way as a password will frequently result in authorization errors.  Indeed at one time we did accept tokens in this manner, but no more.

I can see that in your curl call, the use of the -u switch is not going to work for making these calls.  This is because of the way that curl is trying to actually create a login call here.  Instead, please review Basic Auth for REST APIs. This guide has steps for how you have to first create a string composed of your

emailaddress:APItoken

And then base64 encode that string.  From there you have then to craft an authorization header that includes that encoded string.  This header is what will be providing your REST API call the proper authorization.

 

Your call should look something like this in curl

curl -D- GET \
-H "Authorization: Basic dXNlckBleGFtcGxlLmNvbTphcGlfdG9rZW5fc3RyaW5n" \
-H "Content-Type: application/json" \
"https://api.atlassian.com/jsm/insight/workspace/{WorkspaceID}/v1/iql/objects"

Try that and let me know if that helps.

Andy

I had already tried using headers with base64 encrypted creds and I'm still getting 401s.

This is what I did:


- Tried that same command you sent me with my encoded creds in the "Authorization" header -> Got 401

- Tried to GET https://{MySite}/rest/servicedeskapi/insight/workspace to get my workspace ID using the same header as the previous test (just to make sure my encoded creds are actually working) -> Everything worked

- Tried that same header doing a GET to https://{MySite}/rest/api/2/issue/pos-9317 -> Everything worked

 

So my creds are clearly getting me somewhere, but not in the realm of Insight :(

Andy Heinzer Atlassian Team Nov 08, 2021

Sorry to hear that.  I believe you are on the right track here, but there must be something else causing this error.  I tested this out on an example Cloud site with Insight.  I got my workspace ID from calling my site

curl -D- -X GET -H "Authorization: Basic [redacted]" \
-H "Content-Type: application/json" \
"https://[mytestsite].atlassian.net/rest/servicedeskapi/insight/workspace"

Which gave me the workspace ID.  And then made a similar insight call of

curl -D- -X GET -H "Authorization: Basic [redacted]" \
-H "Content-Type: application/json" \
https://api.atlassian.com/jsm/insight/workspace/[redactedWorkspaceID]/v1/objectschema/list

and I got back a response of

HTTP/2 200 
server: envoy
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json
strict-transport-security: max-age=315360000; includeSubDomains; preload
date: Mon, 08 Nov 2021 18:56:55 GMT
x-request-id: [redacted]
expires: 0
pragma: no-cache
x-xss-protection: 1; mode=block
x-envoy-upstream-service-time: 353
x-content-type-options: nosniff
x-trace-id: [redacted]
x-frame-options: SameOrigin
expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400
content-length: 2016

{"startAt":0,"maxResults":25,"total":6,"values":[{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:4","id":"4","name":"Computers","objectSchemaKey":"COM","status":"Ok","description":"","created":"2021-08-04T22:46:00.798Z","updated":"2021-08-04T22:46:00.817Z","objectCount":3,"objectTypeCount":2,"idAsInt":4},{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:3","id":"3","name":"ABCDE","objectSchemaKey":"MER","status":"Ok","description":"ABCDE in Store","created":"2021-06-11T13:35:04.709Z","updated":"2021-06-11T13:35:04.797Z","objectCount":10,"objectTypeCount":4,"idAsInt":3},{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:5","id":"5","name":"MSC","objectSchemaKey":"MSC","status":"Ok","description":"","created":"2021-09-18T10:51:02.078Z","updated":"2021-09-18T10:51:02.136Z","objectCount":0,"objectTypeCount":0,"idAsInt":5},{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:38","id":"38","name":"Recruiting Scheme","objectSchemaKey":"AP","status":"Ok","description":"","created":"2021-10-22T18:05:58.556Z","updated":"2021-10-22T18:49:31.540Z","objectCount":8,"objectTypeCount":4,"idAsInt":38},{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:1","id":"1","name":"Services","objectSchemaKey":"SVC","status":"Ok","description":"Contains the 'Service' object type and services your site uses across projects.","created":"2021-03-26T04:56:02.417Z","updated":"2021-03-26T04:56:02.434Z","objectCount":3,"objectTypeCount":1,"idAsInt":1},{"workspaceId":"[redactedWorkspaceID]","globalId":"[redactedWorkspaceID]:2","id":"2","name":"WBU Insight","objectSchemaKey":"WI","status":"Ok","created":"2021-05-04T04:30:47.982Z","updated":"2021-05-04T04:30:47.997Z","objectCount":4,"objectTypeCount":2,"idAsInt":2}],"isLast":true}

I also called the IQL endpoint in your example, but my response was too large to post here in Community.  So I can confirm that this is the correct method to call this endpoint.  But I don't have a clear answer as to why your account might not be able to do this. 

At this point I believe the problem is in either the account itself doesn't have permissions to view this info, OR the authorization header is incorrect and in turn won't provide access.  But neither really seem clear to me given that other REST API calls appear to work here. I also tried to use a separate account to make a call to this same site.  In that case I too got a 401 error, but in that case, it's expected because that user was not actually a user on that site. 

Are there any other users on your site that are using the REST API to access this insight data?  I'm just curious to see if we can better understand if the problem is isolated to your account or perhaps there is something else unique to your Cloud site that might be a factor in this problem.

It might be helpful to create a support case to investigate this further.  The problem with doing that is that your account is not a site-admin and in turn you cannot create this yourself.  However if you can reach out to a site-admin of your Atlassian Cloud site and then get that user to create a support case and include you on it over in https://support.atlassian.com/contact/

Perhaps then our support team can view some more private information confidentially than what we can reasonably expect to share here in Community.

Andy

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

JSM Jira Automation: How to Send SLA Breached Notifications

Hi Everyone, In   this tutorial,  we will show you how you can monitor an SLA, and send notifications before or after the SLA has been breached.   SLA Threshold Trigger The SLA t...

779 views 5 13
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you