I am using Jira Server v8.14.0 and new feature - Personal access tokens.
Why I got OK(200) when do a REST call with non-existent/invalid Bearer token?
>curl -H "Authorization: Bearer qweqwe" http://localhost:8081/rest/api/2/project
I expected to get an Unauthorize(401) error as for Basic authorization.
I haven't yet tried the Server token, but could it be that your instance allows anonymous access?
With anonymous access, such as https://jira.atlassian.com, you can still browse issues, which means you can browse projects, and hence you should have valid results from the rest endpoint just like you would in the UI.
Again, not tested myself, but anonymous access would make sense to return an empty list. (Even if the token is invalid I suppose.)
Hey there Cloud Community members! We’re excited to give you the first glimpse of the new home for business teams on Jira — Jira Work Management. Jira Work Management is the next generation of J...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events