Jira API via Postman and Basic Auth is unauthorized 401

Tobias April 7, 2021

Hello together, 

This afternoon I tried to connect to the REST API of my Jira Server 8.13.3.

I get this as the response, using Postman with Basic Auth:

<html>

<head>
<title>Unauthorized (401)</title>

 


<!--[if IE]><![endif]-->
<script type="text/javascript">
(function() {
var contextPath = '/jira';

function printDeprecatedMsg() {
if (console && console.warn) {
console.warn('DEPRECATED JS - contextPath global variable has been deprecated since 7.4.0. Use `wrm/context-path` module instead.');
}
}

Object.defineProperty(window, 'contextPath', {
get: function() {
printDeprecatedMsg();
return contextPath;
},
set: function(value) {
printDeprecatedMsg();
contextPath = value;
}
});
})();

</script>


<meta name="application-name" content="JIRA" data-name="jira" data-version="8.13.2">
</head>

<body id="jira" class="aui-layout aui-style-default page-type-message " data-version="8.13.2">
<div class="aui-page-panel">
<div class="aui-page-panel-inner">
<main role="main" id="main" class="aui-page-panel-content">
<div class="aui-page-header">
<div class="aui-page-header-inner">
<div class="aui-page-header-main">
<h1>Unauthorized (401)</h1>
</div>
</div>
</div>
<div class="aui-message aui-message-warning warning">
<p>Encountered a <code>&quot;401 - Unauthorized&quot;</code> error while loading this page.</p>
<p>Basic Authentication Failure - Reason : OK</p>
<p><a href="/jira/secure/MyJiraHome.jspa">Go to Jira home</a></p>
</div>
</main>
</div>
</div>
</body>

</html>

 

Maybe someone can help. The strange thing is that the problem appeared in the afternoon. We didn't change anything, and when we tested it this morning it worked fine.

 

Thank you guys

3 answers

0 votes
Deepak October 1, 2021

@Tobias were you able to fix this issue? I'm facing the same issue with Postman, with the same error. If you fixed it, please tell me how.

Thanks

0 votes
Alex Chousmith April 7, 2021

Have you looked at https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/#get-an-api-token ? We needed to do at least a couple steps to get our Postman calls working with Jira REST API:

  1. Go through that step to create a Basic Authentication Authorization token for your API calls to use
  2. Make sure that the User who created that token has permissions inside Jira on the Project(s) you want the API to work for
  3. Make sure Jira permissions are set up in general to allow Read or whatever CRUD you need in API communication
  4. Add 2 Headers to our Postman GET call:
    1. Authorization: "Basic placeyourtokenhere"
    2. Cookie: atlassian.xsrf.token=...

I am not remembering where we got the specifics of the `atlassian.xsrf.token` from but I found these two articles that might help:

https://confluence.atlassian.com/bamkb/rest-api-calls-fail-due-to-missing-xsrf-token-899447048.html

https://confluence.atlassian.com/stashkb/xsrf-security-token-missing-529661980.html

Tobias April 7, 2021

Hey @Alex Chousmith thanks for your response. I am using Jira Server. So is this also relevant for my current problem?

0 votes
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 7, 2021

Hi @Tobias ,

A 401 error will occur if the credentials being passed to Jira Server in the API call's headers aren't valid, or if the user doesn't have permission to use the endpoint being called. 

I can see you've pasted the source of the unauthorized page, but would you be able to do the following?

  1. Check that the credentials are still there in Postman for the username/password you're trying to pass in
  2. Confirm in Jira's web interface that the credentials you're using in Postman can actually log in to Jira on the frontend (this ensures the credentials are correct and that the account is not disabled)
  3. What's the exact endpoint that you're trying to get to in your API call? It's possible there are permissions that are no longer granted to the particular user you're passing, and we can help figure out how to check the permissions if we know which endpoint is being called

Cheers,
Daniel

Tobias April 7, 2021

Hi @Daniel Eads 

Thanks for your help. We have a kind of intranet in front of our Jira instance, but this didn't produce any impact on our side.
I have administrator rights in our Jira instance, so this couldn't be the problem. The endpoint is the following: https://<BASE-URL>/jiraTest/rest/api/2/issue (staging environment) with a POST statement and a body with some raw JSON statement.
So I just wanted to test the API call with some JSON body. This worked last week but today it doesn't work anymore.

 

Some also told me to check if the URL (https://<BASE-URL>/jiraTest/rest) is reachable. But it seems to be a dead link. 

Daniel Eads
April 9, 2021

The endpoint:

https://<BASE-URL>/jiraTest/rest/api/2/issue

is valid as you've listed, assuming you can access the Jira Server instance at https://<BASE-URL>/jiraTest/ and log in there using the same account.

The documentation for Create Issue (a POST request on the /issue endpoint) notes that you'll receive a 400 rather than a 401 if you're missing a required field for a particular issue type. There's always a possibility of not having the right body when submitting a POST, although that doesn't seem to be the case here yet as the 401 indicates a general permission error.

What you might consider trying is a GET for an issue you know you can access with that account in the web interface - for example:

GET https://<BASE-URL>/jiraTest/rest/api/2/issue/TEST-123

 

That might help hone in on what seems to be problematic. If you can see that issue in Jira with that account but the GET still gives permission denied, I'd try double-checking how Postman is configured to send Basic Auth for the request (for example, if it's trying to use globally-saved permissions rather than ones you're setting on that specific request tab). You can also try curl from the command line as a "what if it's Postman that's causing problems?" check.
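
The checks from this thread as a script, added here as an example and not code from any of the posters or from Atlassian: it builds the Basic Auth header, decodes a header copied from Postman to show which user it carries, and reads the reason out of the 401 page. `JIRA_BASE`, `JIRA_USER`, `JIRA_PASS` and the function names are assumptions; `TEST-123` is the sample issue key from the answer above.

```bash
#!/bin/sh
# Added example (not from the thread): test Jira Server Basic Auth without Postman.

# Header value is "Basic " + base64("user:password"); base64 is encoding, not
# encryption, so only send it over HTTPS.
basic_auth_header() {
  printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Decode a header copied from Postman and print only the username it carries,
# to catch a stale or globally saved credential.
basic_auth_user() {
  printf '%s' "${1#Authorization: Basic }" | base64 -d 2>/dev/null | cut -d: -f1
}

# Extract the reason from Jira's HTML 401 page, read on stdin.
failure_reason() {
  sed -n 's/.*Basic Authentication Failure - Reason : \([A-Z_]*\).*/\1/p' | head -n 1
}

# Map the HTTP status to the next check suggested in the answers above.
next_step() {
  case "$1" in
    200) echo "credentials accepted; compare this request with Postman's" ;;
    400) echo "authenticated; fix the JSON body (required field missing)" ;;
    401) echo "rejected; confirm the same login works in the web interface" ;;
    *)   echo "unexpected status; check that the base URL is reachable" ;;
  esac
}

# Live check: GET one issue the account can see in the web interface.
check_issue() {
  _body=$(mktemp)
  _status=$(curl -sS -o "$_body" -w '%{http_code}' \
    -H "$(basic_auth_header "$JIRA_USER" "$JIRA_PASS")" \
    -H 'Accept: application/json' "$JIRA_BASE/rest/api/2/issue/$1")
  echo "HTTP $_status: $(next_step "$_status")"
  if [ "$_status" = 401 ]; then echo "reason: $(failure_reason < "$_body")"; fi
  rm -f "$_body"
}

# JIRA_BASE, JIRA_USER, JIRA_PASS are assumed environment variables.
if [ -n "${JIRA_BASE:-}" ]; then
  check_issue "${1:-TEST-123}"
else
  echo "set JIRA_BASE, JIRA_USER and JIRA_PASS to run the live check" >&2
fi
```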
