Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
Level
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira API via Postman and Basic Auth is unauthorized 401

Hello together, 

today afternoon I tried to connect to my REST-API of Jira Server 8.13.3. 

I get this as response, using Postman with Basic Auth.:

<html>

<head>
<title>Unauthorized (401)</title>

 


<!--[if IE]><![endif]-->
<script type="text/javascript">
(function() {
var contextPath = '/jira';

function printDeprecatedMsg() {
if (console && console.warn) {
console.warn('DEPRECATED JS - contextPath global variable has been deprecated since 7.4.0. Use `wrm/context-path` module instead.');
}
}

Object.defineProperty(window, 'contextPath', {
get: function() {
printDeprecatedMsg();
return contextPath;
},
set: function(value) {
printDeprecatedMsg();
contextPath = value;
}
});
})();

</script>
<script>
window.WRM=window.WRM||{};window.WRM._unparsedData=window.WRM._unparsedData||{};window.WRM._unparsedErrors=window.WRM._unparsedErrors||{};
WRM._unparsedData["com.atlassian.plugins.atlassian-plugins-webresource-plugin:context-path.context-path"]="\"/jira\"";
WRM._unparsedData["jira.core:feature-flags-data.feature-flag-data"]="{\"enabled-feature-keys\":...
WRM._unparsedData["com.atlassian.jira.project-templates-plugin:project-templates-plugin-resources.ptAnalyticsData"]="{\"instanceCreatedDate\":\"2011-07-08\"}";
WRM._unparsedData["com.atlassian.jira.plugins.jira-dnd-attachment-plugin:dnd-issue-drop-zone.thumbnail-mime-types"]="\"image/vnd.wap.wbmp,image/png,image/x-png,image/jpeg,image/bmp,image/gif\"";
WRM._unparsedData["com.atlassian.jira.plugins.jira-dnd-attachment-plugin:dnd-issue-drop-zone.upload-limit"]="\"52428800\"";
WRM._unparsedData["com.atlassian.jira.ext.calendar:tipDataProvider.tip"]="{\"suppressTip\":false}";
WRM._unparsedData["jira.core:user-message-flags-data.adminLockout"]="{}";
WRM._unparsedData["com.atlassian.plugins.helptips.jira-help-tips:help-tip-manager.JiraHelpTipData"]="{\"anonymous\":true}";
if(window.WRM._dataArrived)window.WRM._dataArrived();
...


<meta name="application-name" content="JIRA" data-name="jira" data-version="8.13.2">
</head>

<body id="jira" class="aui-layout aui-style-default page-type-message " data-version="8.13.2">
<div class="aui-page-panel">
<div class="aui-page-panel-inner">
<main role="main" id="main" class="aui-page-panel-content">
<div class="aui-page-header">
<div class="aui-page-header-inner">
<div class="aui-page-header-main">
<h1>Unauthorized (401)</h1>
</div>
</div>
</div>
<div class="aui-message aui-message-warning warning">
<p>Encountered a <code>&quot;401 - Unauthorized&quot;</code> error while loading this page.</p>
<p>Basic Authentication Failure - Reason : OK</p>
<p><a href="/jira/secure/MyJiraHome.jspa">Go to Jira home</a></p>
</div>
</main>
</div>
</div>
</body>

</html>

 

Maybe anyone can help. Strange is that the problem came in the afternoon. So we didn't change something and tested it this morning and it worked fine there. 

 

Thank you guys

2 answers

0 votes
Daniel Eads Atlassian Team Apr 07, 2021

Hi @Tobias ,

A 401 error will occur if the credentials being passed to Jira Server in the API call's headers aren't valid, or if the user doesn't have permission to use the endpoint being called. 

I can see you've pasted the source of the unauthorized page, but would you be able to do the following?

  1. Check that the credentials are still there in Postman for the username/password you're trying to pass in
  2. Confirm in Jira's web interface that the credentials you're using in Postman can actually log in to Jira on the frontend (this ensures the credentials are correct and that the account is not disabled)
  3. What's the exact endpoint that you're trying to get to in your API call? It's possible there are permissions that are no longer granted to the particular user you're passing, and we can help figure out how to check the permissions if we know which endpoint is being called

Cheers,
Daniel

Hi @Daniel Eads 

thanks for your help. We have kind of intranet before our Jira instance but this didn't produce any impact on our side. 
I have got administrator rights in our Jira instance, so this couldn't be the problem. The endpoint is the following: https://<BASE-URL>/jiraTest/rest/api/2/issue (staging environment) with a POST statement and a body with some raw json-statement. 
So i just wanted to test the API call with some json body. This worked last week but today it doesn't work anymore. 

 

Some also told me to check if the URL (https://<BASE-URL>/jiraTest/rest) is reachable. But it seems to be a dead link. 

Daniel Eads Atlassian Team Apr 09, 2021

The endpoint:

https://<BASE-URL>/jiraTest/rest/api/2/issue

is valid as you've listed, assuming you can access the Jira Server instance at https://<BASE-URL>/jiraTest/ and log in there using the same account.

The documentation for Create Issue (a POST request on the /issue endpoint) notes that you'll receive a 400 rather than a 401 if you're missing a required field for a particular issue type. There's always a possibility of not having the right body when submitting a POST, although that doesn't seem to be the case here yet as the 401 indicates a general permission error.

What you might consider trying is a GET for an issue you know you can access with that account in the web interface - for example:

GET https://<BASE-URL>/jiraTest/rest/api/2/issue/TEST-123

 

That might help hone in on what seems to be problematic. If you can see that issue in Jira with that account but the GET still gives permission denied, I'd try double-checking how Postman is configured to send Basic Auth for the request (for example, if it's trying to use globally-saved permissions rather than ones you're setting on that specific request tab). You can also try curl from the command line as a "what if it's Postman that's causing problems?" check.

Have you looked at https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/#get-an-api-token ? We needed to do at least a couple steps to get our Postman calls working with Jira REST API:

  1. Go through that step to create Basic Authentication Authorization token for your API calls to use
  2. Make sure that the User who created that token has permissions inside Jira on the Project(s) you want the API to work for
  3. Make sure Jira permissions are set up in general to allow Read or whatever CRUD you need in API communication
  4. Add 2 Headers to our Postman GET call:
    1. Authorization: "Basic placeyourtokenhere"
    2. Cookie: atlassian.xsrf.token=...

I am not remembering where we got the specifics of the `atlassian.xsrf.token` from but I found these two articles that might help:

https://confluence.atlassian.com/bamkb/rest-api-calls-fail-due-to-missing-xsrf-token-899447048.html

https://confluence.atlassian.com/stashkb/xsrf-security-token-missing-529661980.html

Hey @Alex Chousmith thanks for your response. I am using Jira Server. So is this also relevant for my current problem?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

ThinkTilt is joining the Atlassian Family!

This morning, Atlassian announced the acquisition of ThinkTilt , the maker of ProForma, a no-code/low code form builder with 700+ customers worldwide. ThinkTilt helps IT empower any team in their or...

254 views 16 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you