Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

403 Forbidden on POST method of /rest/api/2/issue however get works



I am using the /rest/api/2/issue API of JIRA. I am successfully able to use Get for below URL

but i get 403 forbidden error on POST with basic authentication which i used in GET method.

The POST method works absolutely fine on curl command.


Please help.




8 answers

1 accepted

9 votes
Answer accepted

If it works with curl, what is different about the call you are making with whatever is failing?


Only the client is different, i fire the Curl command from Linux command line which works fine, but when try to hit the API using the AJAX jquery call (using the same authenticatio), i get 403 forbidden error

attached is my JS File, i have intentionally hidden the password here




I don't know enough about javascript to help you with that, but it must be the call in that trying to do the wrong thing.

What was the solution? I've currently a similar issue in a CORS scenario - so GET's against the API work but a POST to create a new issue throws a 403...

Like Gunnar Bachmann likes this

I too got the same error 403 forbidden error when trying to access rest-api using POST/PUT method and my code was as follows,

AP.require(['request'], function(request) {
url: '',
type: 'POST',
contentType: 'application/json',
data: {
"fields": {"description": "testing"}
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa(" user : password "));
success: function(response) {
error: function (response) {
alert('fail... ');

Did you get any idea to fix the 403() status response. How, to overcome this and edit an existing issue using rest api with POST method. 

And also have questioned regarding Edit and Update issues here.

Or if using CURL can fix this error, how to use this code based on CURL code within request.

Like Yash Tank likes this

Can you check the scopes object in your atlassian-connect.json file? I ran into this same issue and found out I only had the READ scope by defailt. I added WRITE scope as well and it worked like a champ.

"scopes": [ "READ", "WRITE" ]

Also, be sure to update your script to use the new AP.request method as the one listed above is deprecated. See docs here


Hope that helps!

Thanks, Daniel. I got the same error because of this reason. I added WRITE scope and now It works well. 

I added 

"scopes": [ "READ", "WRITE" ]

and for me it works well too 

Hello @Pavel Naydanov  

I'm using free cloud server and her is my connect descriptor here. Do you have any suggestion, I'm still getting this error 


Has anyone solved this issue? I'm also having the same problem. The curl command works completely fine, however when I try POST method with the same credentials and same datas on my code, it returns 403.

Hi, I'm also having this issue. 

I can make the POST call work in Postman. But when I try to do it as an AJAX call I get a 403 Forbidden error. 

Would be great to hear if someone has solved this issue. 

Is the payload of your AJAX call identical to the POST?

Yep, I even tried copy & pasting directly out of Postman. 

The error just says "403 (Forbidden)". Here's the code below: 

var requestBody = {
"fields": {
"summary": "Kevin Test",
"description": "Description Test",
"project": {
"id": "13104"
"issuetype": {
"id": "7"
"components": [
"id": "20720"
"customfield_12213": "2019-04-22"

var settings = {
"async": true,
"crossDomain": true,
"url": "",
"method": "POST",
"headers": {
"Authorization": "Basic xxxxx=",
"Content-Type": "application/json",
"cache-control": "no-cache"
"data": requestBody

$.ajax(settings).done(function (response) {

Not sure, but you can try passing User-Agent header. 

I got this error, and was solved with header

User-Agent: MyAgent (Insomnia)

Hello @Kevin Cassidy  

I got the same issue with you, Did you solve your problem? please suggest 



Hi @Nguyen Quach , it turned out the domain needed to be whitelisted by a Jira admin. Once this was done, it worked perfectly :)

Does Jira cloud support the whitelist configuration? 

@Kevin Cassidy 

How can we configure whitelisted? 

Instructions can be found here:


Once we added the specific domain here, then I no longer received the 403 error and my API calls started working successfully. 

Hello @Kevin Cassidy  

I'm using Jira Cloud, does it different? 


Hi @Hung Quoc - I've no idea to be honest! Sorry I can't be of more use. 

March 2018

This issue also occurs with using `/rest/auth/latest/session`. This is using AP.request to send the AJAX call (so CORS is not a factor).

* POST request with {username, password} json data

* with or without header Basic Auth, JWT auth


But the same POST request works with Postman (with only content-type json in the header).

I'm still having this same issue. I don't think user credentials are the issue, as making GET requests, and POST requests via CURL both work fine with the same credentials. Making the call via AJAX for what it's worth. Any ideas?

Is anyone having the answers to the questions posted above. I am having the same issue.

I'm sure they discovered that they were not providing the right user details.  This is the usual pattern when a discussion about 404's over REST stops with no-one making follow-up comments.

Can you please try "data: JSON.stringify(sendInfo)". I am not sure here but you can try.

sorry but it gives me the same error

Also the URL i hitting expects a JSON in the request

Suggest an answer

Log in or Sign up to answer