Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

JIRA REST API - Authentication issues


- Version: Atlassian Jira Project Management Software (v8.14.0#814001

- Use case: Placing external links to JIRA issues

- URL: POST https://[jiraurl]/rest/api/latest/issue/[issuenumber]/remotelink

- Body:

{    "globalId""system=[externalurl]",    "application": {        "type""Something",        "name""Something"    },    "relationship""causes",    "object": {        "url""[externalurl]",        "title""Something",        "summary""Something",        "icon": {            "url16x16""[url]",            "title""Something"        }    }}

- Header: Authorization: Basic base64encoded(user:password)


I have tried authenticating with both a regular password (now deprecated) and an application token. However the nginx server returns a 401 Unauthorized HTML:

Response headers: {Server=[nginx], Date=[Tue, 24 Nov 2020 12:34:30 GMT], Content-Type=[text/html;charset=UTF-8], Transfer-Encoding=[chunked], Connection=[keep-alive], X-AREQUESTID=[..], Referrer-Policy=[strict-origin-when-cross-origin], X-XSS-Protection=[1; mode=block], X-Content-Type-Options=[nosniff], X-Frame-Options=[SAMEORIGIN], Content-Security-Policy=[frame-ancestors 'self'], WWW-Authenticate=[Basic realm="protected-area", OAuth realm="[url]"], Content-Length=[-1]}
Response body:<html>

<title>Unauthorized (401)</title>


<!--[if IE]><![endif]-->
<script type="text/javascript">
(function() {
var contextPath = '';

function printDeprecatedMsg() {
if (console && console.warn) {
console.warn('DEPRECATED JS - contextPath global variable has been deprecated since 7.4.0. Use `wrm/context-path` module instead.');

... (there is more but don't think that's relevant)

The only way I can get it to work currently is to get the atlassian.xsrf.token Cookie and use that, but for an automated application this is not feasible to use.

Do we need to change something in our nginx configuration to allow for the authorization headers to come through?

1 answer

1 accepted

0 votes
Answer accepted

It has been resolved. It turns out the 'Basic' in the authorization header is case sensitive.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira Software

Presenting the "Best of 2020" Jira Software roundup!

Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...

4,374 views 5 15
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you