jira server api anonymous access

Hüseyin Çam April 1, 2021

Hello

In our Jira server, some REST APIs (added below) can be reached anonymously. We want them to be reachable only with authentication. How can we solve the issue?


The anonymously reachable APIs:

https://itsupport.vodafone.com.tr/rest/menu/latest/admin

https://itsupport.vodafone.com.tr/rest/api/2/projectCategory?maxResults=1000

https://itsupport.vodafone.com.tr/rest/api/2/resolution


2 answers

1 accepted

4 votes
Answer accepted
Kurt Klinner
April 1, 2021

Hi Hüseyin

I do not think that there is an out-of-the-box solution to enforce authentication for the mentioned endpoints.

The only REST resources that allow such kind of access are those that are meant for anonymous access. These have to be explicitly marked with @AnonymousAllowed or they will automatically reject any anonymous request. In addition, I think that some endpoints need to be accessible before any authentication might take place (not sure if that is the case for the ones you listed, but I could think of some scenarios).


One option you could think of would be to block them explicitly on the load balancer (if in use), at least for access from the internet.


Looking at the first REST call, the information returned is related to the configured app links, which could also be extracted from the web UI.


Cheers

Kurt
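A concrete form of the load-balancer block Kurt describes, as an added example that is not from the thread: an nginx reverse-proxy configuration that denies non-internal clients access to the REST paths listed in the question (and the dashboard resource mentioned later in the comments) while proxying everything else to Jira unchanged. The upstream address, hostname and trusted network range are placeholders.

```nginx
# Added example, not from the thread: nginx fronting Jira Server.
# Assumptions (placeholders): Jira listens on 10.0.0.10:8080, and
# 10.0.0.0/8 is the trusted internal network.
upstream jira {
    server 10.0.0.10:8080;
}

server {
    listen 443 ssl;
    server_name jira.example.internal;   # placeholder hostname
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # REST resources the thread reports as anonymously readable.
    # Case-insensitive match (~*) so a differently cased path cannot
    # slip past the rule; nginx matches the decoded path without the
    # query string, so "?maxResults=1000" does not affect the match.
    location ~* ^/rest/(menu/latest/admin|api/2/(projectCategory|resolution|dashboard))(/|$) {
        allow 10.0.0.0/8;    # internal clients pass through
        deny  all;           # everyone else receives 403
        proxy_pass http://jira;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # All other paths: Jira's own authentication still applies.
    location / {
        proxy_pass http://jira;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Authenticated users outside the allowed range lose access to these resources too, which is the trade-off of a network-level block; if another load balancer sits in front of nginx, configure the real_ip module so allow/deny see the original client address rather than the balancer's.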

Hüseyin Çam April 1, 2021

Hi Kurt,

For the first API call it is as you said. But the other API calls can be reached with authentication in the web GUI, so we need to reach them with authentication.

Thanks

Roberto Ialino May 31, 2021

Hi @Hüseyin Çam, sorry. How did you resolve it, please? Thanks a lot for the info. We have the same problem. Have you blocked it directly on the load balancer?

Roberto Ialino May 31, 2021

Thanks a lot

Roberto Ialino May 31, 2021

Hi @Hüseyin Çam, please note that /rest/api/2/dashboard?maxResults=100 is also open.

0 votes
Ananjan_miniOrange March 19, 2024

Hi @Hüseyin Çam,

I know it's a bit late, but I stumbled upon your post today and wanted to drop a quick comment.

I'm Ananjan from the miniOrange team. I just wanted to share that we have an app in the Atlassian Marketplace that can help you easily address this use case. If you are interested, feel free to check the app here: Enhance API Security for Jira REST APIs with OAuth/API Token | Atlassian Marketplace


Deployment type: Server
Version: 8.11.1