For Jira REST api endpoints with OAuth2.0 authorization, getting 401 sometimes

Madhura Lodam June 21, 2024

Hi Team,
I am using the JIRA REST API with 3LO OAuth 2.0; the API usually works fine. But sometimes I am getting a 401 Unauthorised error from Jira even when passing a correct token.

After some time it works on its own and gives 200 OK.

What do you suggest in this case, what must be going wrong, and how should I handle this?

Any help would be greatly appreciated!!

Thank you,
Madhura

1 answer

0 votes
Melo
Community Leader
June 23, 2024

Hi @Madhura Lodam, this sounds like you're reaching Jira rate limiting.

You can find more information about it here: https://developer.atlassian.com/cloud/jira/platform/rate-limiting/

I hope that helps.

Cheers,

Melo

Madhura Lodam June 25, 2024

Hello @Melo, thanks for responding to my query.

I have a question: if it's rate limiting, why am I getting 401 Unauthorised instead of 429 with rate limiting error responses?

I read the article you provided in the comment, but got a bit confused; it says on average 10 calls per second.

I would need a little help here in understanding the scaling for user section.

Scaling by users

It is important to understand how to design and implement your app in order to ensure it is able to scale for tenants with large numbers of users.

Let’s say we have the following conditions/assumptions:

  • “App” cost budget = 10 calls per second.
  • “App + user” cost budget = 10 calls per second.
  • An app is installed in a tenant with 100 active users.
  • The app reacts to a particular type of user action (e.g. view an issue) in such a way that it makes 1 REST API call for each action.
  • Each user in the tenant performs this action once per 10 seconds.

In the above scenario, the app will be making 100 users * 1 request / 10 seconds = 10 REST API calls per second.

If the app is making the API call in such a way that it counts against the “App” cost budget, then all API calls will be evaluated against the single “App” cost budget of 10 calls per second which means it will be on the brink of being rate limited.

Alternatively, if the app is making the API call in such a way that it counts against the “App + user” cost budget, the API calls will be evaluated against 100 separate “App + user” cost budget contexts of 10 calls per second each. The app will therefore only be making 0.1 calls per second against each of these “App + user” cost budget contexts which is well within the cost budget of 10 calls per second.

The key guideline here is that in order for an app to scale by the number of users in a tenant, it must be coded such that user activity results in API calls made against the “App + user” cost budget rather than the “App” cost budget.

I have one OAuth 2.0 3LO app which accesses Jira on behalf of one user (Jira user). However, I am integrating Jira REST with the MuleSoft API, so the users for the Mule API are multiple.

How should I calculate the rate limit here, if the issue I am getting is because of rate limiting?

Thank you,

Madhura

Melo
Community Leader
June 25, 2024

Hi @Madhura Lodam,

That's right, rate limiting usually results in a 429 error. However, if the app is throttled, sometimes it can cause temporary authentication issues. This is based on my own experience, which is why I thought that might be the issue.

Just out of curiosity, have you opened a request with Atlassian? They can explain the rate limiting better than I can and help you troubleshoot the problem.

You can contact Atlassian support here: https://support.atlassian.com/contact/#/

For any problem that's intermittent, it's important to trace patterns to help you narrow down the potential causes. Analyze your API logs to identify when the issues occur and any common factors. Look for patterns such as the time of day when the errors occur, the number of API calls being made at the time, the specific endpoints being accessed, and any recent changes in your environment or configurations. This detailed logging and analysis can help pinpoint whether the issue is due to rate limiting, authentication, or other factors.

Thanks,

Melo
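
One way to do the log analysis suggested above, as an added example that is not part of the original thread: it groups 401/429 responses by endpoint and hour and checks whether each 401 fell in a second where the client was at or above the 10 calls per second budget from the quoted scenario. The log line format, the sample lines and the budget value are assumptions; adapt them to your own API logs.

```python
from collections import Counter
from datetime import datetime

# Assumption: 10 calls/second, the budget used in the scenario quoted in the thread.
BUDGET_PER_SEC = 10

def sample_log():
    # Constructed sample: "<ISO timestamp> <method> <endpoint> <status>" per line.
    burst = [f"2024-06-25T09:15:03.{i:03d}000 GET /rest/api/3/search "
             f"{401 if i >= 9 else 200}" for i in range(12)]
    return burst + [
        "2024-06-25T09:15:04.100000 GET /rest/api/3/issue/DEMO-1 200",
        "2024-06-25T14:02:10.500000 GET /rest/api/3/myself 401",
    ]

def parse(line):
    ts, _method, endpoint, status = line.split()
    return datetime.fromisoformat(ts), endpoint, int(status)

def analyze(lines, budget=BUDGET_PER_SEC):
    records = [parse(l) for l in lines if l.strip()]
    # Client-side request rate: calls sent in each one-second bucket.
    per_second = Counter(ts.replace(microsecond=0) for ts, _, _ in records)
    failures = [r for r in records if r[2] in (401, 429)]
    report = {
        "by_status": Counter(st for _, _, st in failures),
        "by_endpoint": Counter(ep for _, ep, _ in failures),
        "by_hour": Counter(ts.hour for ts, _, _ in failures),
        "401_under_load": 0,   # 401s in seconds at or above the budget
        "401_quiet": 0,        # 401s in seconds below the budget
    }
    for ts, _, st in failures:
        if st == 401:
            busy = per_second[ts.replace(microsecond=0)] >= budget
            report["401_under_load" if busy else "401_quiet"] += 1
    return report

if __name__ == "__main__":
    for key, value in analyze(sample_log()).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

If most 401s land in the "under load" bucket, request volume is the common factor to investigate; 401s in quiet seconds point toward looking at the token or configuration instead.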
