403 forbidden error when using POST method to access rest api for Editing existing issue

Hari Prasath P September 19, 2017

I want to edit a field of an existing issue using rest api within request. I can acces GET method easily and get the data using rest api, but cannot access PUT/POST method(got 403()). So have added the following code,

AP.request({
type: 'POST',
contentType: 'application/json',
dataType: 'json',
data: {"fields": {"description": "testing"}},
url: 'https://mysite.atlassian.net/rest/api/2/issue/XYZ-5',
beforeSend: function (xhr){
xhr.setRequestHeader('Authorization', 'basic: '+ base_auth(user, password));
},
success: function (response) {
alert("success");
},
error: function (data, status, error) {
alert("failed");
console.log('error', data, status, error);
}
});

function base_auth(user, password)
{
var loginDetail = user + ':' + password;
var tag = btoa(loginDetail);
return "Basic " + tag;
}

 

But, while using this i get the same error 403() not permitted and also beforeSend code does not get hit.

Already, have posted question regarding Edit and Update issue here.

If using CURL code can fix this issue, can you please suggest how to use the CURL code within request with a sample code.

2 answers

1 accepted

1 vote
Answer accepted
Matthias Gaiser _K15t_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 25, 2017

Hi Hari,

usually, you don't have to provide authentication headers when you use the AP.request method, see also the docs for this.

It might be the problem that you didn't specify the corresponding scope, you'd need the WRITE scope for this one, see also the docs here.

Cheers,
Matthias

Hari Prasath P October 25, 2017

Hi Matthias,

Yes, I have added WRITE option in scopes and got the issue fixed already. Thanks a lot for your response.

Cheers,

Hari

0 votes
Nilay March 8, 2018

Hello Hari,

I'm having the same issue however I don't completely understand how did you solve the problem. Can you explain how did you solve this?

Cheers,
Nilay.

Hari Prasath P March 9, 2018

Hi Nilay,

I have found a solution and works fine in cloud based connect add-on. Before working refer to 'Edit Issue' content in this docs.

To make an HttpRequest to the host product use AP.request method.

Then add WRITE scope in your atlassian-connect.json file. Here is the docs for adding scope.

Here is the sample code of giving request,

AP.request({
url: 'https://your-domain.atlassian.net/rest/api/2/issue/{issueIdOrKey}',
type: 'PUT',
data: //put your data here as shown in the docs,
contentType: 'application/json',
success: function (response) {
//your code
},
error: function () {
//your code
}
}); 

 

Cheers,

Hari

Kin August 11, 2020

It appears  POST or PUT requests using AP.request always results in 403 before reaching the route of the connect app, despite configuring the scope and adding an Authorized JTW heading.

However when using a GET request with AP.request, I did reach the route of the connect app. From then on, try to create a post request within.

Then I was thinking... what is wrong with the POST/PUT in AP.request?


However... I did manage to call the post function in index.js by using a post request with ASJ.$.ajax. There I have added headers: {"Authorization": "JWT " + jwt_token}.

On the index.js side: 

app.post('/your-path', addon.checkValidToken(), async (req, res) => {
...
});

Suggest an answer

Log in or Sign up to answer