Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Not able to access JIRA API's (Issue does not exist or you do not have permission to see it) Edited

Tanuj Gupta
Tanuj Gupta I'm New Here Dec 19, 2020

Hi,

I am unable to get the result for JIRA API using postman. It is always telling me this error "Issue does not exist or you do not have permission to see it.". It is a trail tenant of JIRA.

In Posman, I tried using BasicAuth option by providing username and password (Password is the generated API Token).

 

Also I passed manually the header for "Authorization: Basic base64encode(<username>:<api_token>)" in HTTP request but that also failed. Can someone please help.

JIRA Error.JPG

Answer
Watch
Like Be the first to like this
149 views

1 answer

0 votes
Earl McCutcheon
Earl McCutcheon Atlassian Team Dec 21, 2020

Hello @Tanuj Gupta ,

Thanks for reaching out, and I tested the call on postman without issue, so this should be working and is most likely a formatting issue on the Auth details in the call or permissions on the instance for the user.

The error message you are receiving:  

"Issue does not exist or you do not have permission to see it."

Is indicating a permission or access error, however, there could be a few different sources for it, as noted in the documentation for the endpoint HERE "This operation can be accessed anonymously."  so this is a generic error for any time portion of the auth chain conflicts there is a read issue occurring, where the server responds generically to not give back too much information about the authorization details used for security reasons.   i.e.: a malicious actor could do a brute force of calls against an endpoint to attempt to verify the existence of an account for follow-up actions so the details about the authorization are intentionally vague.

The things to check are:

  1. Can the user access the issue from the UI? Check permissions in the instance
    1. if not set Project permissions for that user

    2. Permissions required:

  2. Is the username in an email format and is the email address valid?
    1. Check the username is formatted correctly as the user's e-mail used to log into Jira and is a valid user on the system
  3. The Password should be the API token when using basic auth
    1. I recommend going to https://id.atlassian.com/manage-profile/security/api-tokens and revoking the existing token and generating a new one to make sure there is no conflict in the API token directly

Check these items out and let me know if you are still having an issue

Regards,
Earl

View More Comments
Tanuj Gupta
Tanuj Gupta I'm New Here Dec 21, 2020 • edited

Hi @Earl McCutcheon ,

Many thanks and thank you from the response. I am the administrator of JIRA, so I guess I am having the access of the issue.

Please note that I am using the gmail account email address.

As per your suggestion, I also logged-in using my username email address and I can browse the issue in UI successfully but still in Postman and even in NodeJS it is throwing the same error.

RestAPICall.JPG

RestAPICall.JPG

I also checked the username I am logged in using "My Profile" and it is having the same email address as I am giving to Postman or NodeJS.

Also when I am looking into Token ID, it is always telling me "Never Accessed"

RestAPICall.JPG

Can you suggest if I am correct or wrong?

Like
Earl McCutcheon
Earl McCutcheon Atlassian Team Dec 31, 2020

Hello @Tanuj Gupta ,

Thanks for the additional details and the screenshots, and first up having Global administrator permissions do not necessarily mean that you can see all issues, But as you can see the issue in the Browser then this is not the case and the permissions are correct to see the issue so all is good there. but just as a reference point details on project permissions can be seen in "Manage project permissions", but on a free plan do note that permissions cannot be edited and are locked out, but you can still check the permissions which is helpful if you run into any issues during migration between a paid instance or a server instance to the free platform as there are a few scenarios where the permissions can cause a lockout as they are not editable once converted to the free plan.

The next point comes from the last screenshot where the API token "MyDevTest" is showing as "Never Accessed" which indicates that the input of this token from Postman and the attempt from the HTTP request using the BASE64 encoded username had the token fail or is not using the correct format so the token was never truly accessed.

In Postman using the username and password directly the formatting for this should not have any whitespace, either leading or trailing, check to make sure that the two fields don't have any extra spaces that may have been inadvertently copied over in front of or after the input string. 

As for BASE64 encoding on the value additional details can bee seen in the following document but the format for generating this in Windows or a Linux/Unix/MacOS systems would be as follows:

Windows:

$Text = ‘user@example.com:api_token_string’ $Bytes = [System.Text.Encoding]::UTF8.GetBytes($Text) $EncodedText = [Convert]::ToBase64String($Bytes) $EncodedText

Linux/Unix/MacOS:

echo -n user@example.com:api_token_string | base64

Also as mentioned in the KB above, you may have triggered a CAPTCHA.  Try logging out and back into your Jira instance to see if the CAPTCHA is enabled as it may have been triggered from previous formatting issues in the input strings causing multiple failed login attempts, where your current connected user session in the browser is still intact via a verified token but the subsequent Postman calls are getting blocked with the new login attempts behind a captcha.

Regards,
Earl

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Software
Jira Software
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
Community showcase
Chase Wilson
Chase Wilson
Published in Jira

Announcing the waitlist for Jira Work Management

Hey there Cloud Community members! We’re excited to give you the first glimpse of the new home for business teams on Jira — Jira Work Management. Jira Work Management is the next generation of J...

153 views 3 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you