Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Getting 403 Forbidden error while sending GET request using postman

Hi all,

Sending GET request to /rest/api/2/project/{project-id} but keep getting 403 forbidden error with the following message                  

Basic Authentication Failure - Reason : AUTHENTICATION_DENIED


However the url in browser works and renders the response in proper JSON format.


Kindly Help.





2 answers

This error indicates that the server has determined that you are not allowed access to the thing you've requested, either on purpose or due to a misconfiguration . It's probably because the site owner has limited access to it and you don't have permission to view it. The vast majority of the time, there's not much you can do to fix things on your (*client) end. There are three common causes for 403 Forbidden error (server side) . Here they are listed from most likely to least likely:

  • An empty website directory
  • No index page
  • Incorrect settings in the .htaccess file
  • Permission / Ownership error

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

0 votes
sukkeong Rising Star Feb 23, 2020

Check the username/passsword used. Perhaps there was a typo.

Additionally, the user used for performing the REST call may not have the correct permissions to the project.

Posting the api link in the browser is showing the result succesful in json format. So my user has permissions, but when i request the url from postman or python at the same endpoint , i will get denied as told in the message above. 

Like Rob Fender likes this
sukkeong Rising Star Feb 27, 2020

External applications will need credentials to be provided unless the project is public access not needing any login. So, you need to set your credential into your app or script. Otherwise, the server will reply with a forbidden access.


Web clients keep your session alive through cookies so you do not need to repeatedly provide your credentials.

so what's the use of the API Token you can create for your account?


I can access the GET /wiki/rest/api/content/{id} without any issues from Postman or from pasting the endpoint URL in the browser use the `Authentication: Basic <myToken>` header.


But making the same request from a react app hosted on localhost fails with HTTP 403.



sukkeong Rising Star Dec 11, 2022

@Rob Fender Did you provide the token when performing the request in the app? Unfortunately, I am not familiar how react performs REST calls.

Also, your REST URL is 'wiki'; is this related to confluence, which could be posted in the confluence community as well to get wider reach and help

Suggest an answer

Log in or Sign up to answer