Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,457,963
Community Members
 
Community Events
176
Community Groups

API retuning "Project does not exist" when it does

Hey all, not sure where my last post went, but I have an API issue where we're calling for a project via Adobe WorkFront and JIRA Cloud is returning "The value '{project_key}' does not exist from the field 'project'."

I see this project in a list of projects when I query the API, so I know it's there, not sure it will not return for Workfront.

Let me know if there is more information I can provide.

1 answer

1 accepted

0 votes
Answer accepted

Welcome to the Atlassian Community!

One very quick one to check to start with - does the user you are using to try to read Jira Cloud have the "browse project" permission for the "missing" project?  If they can't see the issues in the project, you can get "this project does not exist" in the response!

Thanks for the response!!

I thought it might be the perms as well, so, just to test, I set the user at Admin level in the project just to verify if it was indeed perms issue and I still get the same error.

I can select another project and it works just fine, it's just this one project.

It's not using any special schemes outside the ordinary.

Mmm, this catches out a lot of people - admin means admin, not "can do anything" or project permissions. Making them an admin might not give them browse project.

You have to check the permission scheme - to whom does it grant "browse project"?  And is that user included by the rule? 

I added a few more permission groups and this seems to have solved the issue. Better error messages would help here as well.

Thanks!

Yes, it would be better for a message of "project does not exist, or you cannot see it". (You don't want to leak information by saying "project exists, but you're not allowed in", it should not give away that the project exists)

Like Dennis Christilaw likes this

"Permission Denied" is acceptable, it's generic and can mean you don't have perms to the company, board, project, other things and does not really risk much, but for those of us doing work like this, it would have made this a lot easier to troubleshoot.

No, because you've now told your attacker that the project exists. 

Unless you change all the messaging to "permission denied", irrespective of whether it's the permissions or the non-existence of the project.

True, but if an attacker has gotten this far, you have a LOT more issues than this. :)

Um, why?  Anyone can issue a REST call to look at a project on a Cloud system.  They could get this far in the first attempt, just by reading the docs or Community posts.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events