Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Getting 403 - Permission Denied through Jira REST API POST request.

Dustin
Dustin February 21, 2018

I'm trying to make a post request to perform a transition (transition issue to Done), but it keeps giving me a 403 error. I don't think this is a permissions error (ironically), as I am able to make GET requests with the same Auth info, and I can make the exact POST request via CURL just fine. What is it about making the POST request through AJAX that causes the 403?

Answer
Watch
Like Be the first to like this
19007 views

1 answer

1 vote
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 21, 2018

Dear @Dustin,

can you please post the JSON errorMessage?

So long

Thomas

View More Comments
Dustin
Dustin February 21, 2018 
{
  "readyState":4,
  "responseText":"XSRF check failed",
  "status":403,
  "statusText":"error" 
}
Like
Dustin
Dustin February 21, 2018

@Thomas Deiler ^^

Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 22, 2018

Dear @Dustin,

you have to add headers:

"Content-Type", "application/json"

"accept", "application/json"

"X-Atlassian-Token", "nocheck"

So long

Thomas

Like Harinath T likes this
Dustin
Dustin February 22, 2018

Hey @Thomas Deiler, I tried those headers, still getting same response. According to this article: https://confluence.atlassian.com/cloudkb/xsrf-check-failed-when-calling-cloud-apis-826874382.html, you can't make XSRF protected requests through the browser. Do you think that's the case here?

Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 22, 2018

Dear @Dustin,

the article describes exactly the case with the REST Api. They just add the third header and leave the others away. Can you check this?

So long

Thomas

Like
Dustin
Dustin February 22, 2018 
Note that this is only available for requests made by command line tools
or external systems, not browser requests. This is because the
Cross Origin Resource Sharing specification does not allow JavaScript 
loaded in third party websites to set arbitrary request headers.

So this only helps for CURL, not Javascript code? Because it does work with curl. Or am I missing something @Thomas Deiler

Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 22, 2018

Dear @Dustin,

this has nothing to do with curl or anything else. Regardless with which library you communicate with the REST API, you have to follow the rules of the API - that's same for all. Otherwise it wouldn't be an API.

So long

Thomas

Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 25, 2018

Dear @Dustin,

have you been successful meanwhile?

So long

Thomas

Like
zzw8200465323
zzw8200465323 June 5, 2019

I also encountered the same problem@Thomas Deiler 

Like
zzw8200465323
zzw8200465323 June 5, 2019 
const httpClient = await addon.httpClient({ addon: addon, clientKey: '5d5659b6-09f0-3482-bfa2-0405c4818f1e' }); 
httpClient.del({ url: 'rest/api/3/project/10002', 
headers: { 
'Accept': 'application/json', 
'Content-Type': 'application/json', 
'X-Atlassian-Token': 'nocheck' } }, 
(err, response, body) => 
{ res.send(`body = ${body}`);  });
//403

 @Thomas Deiler  

The same, I can get data using get request

const httpClient = await addon.httpClient({ addon: addon, clientKey: '5d5659b6-09f0-3482-bfa2-0405c4818f1e' }); 
httpClient.get('rest/api/3/mypermissions', function (err, response, body) { res.send(`body = ${body}`); });
//success
Like
Brandon Miller
Brandon Miller June 14, 2019

Any updates on this one? I'm running into the same thing. I'm able to get my POSTs working v ia Postman, but I'm trying to create a Microsoft Flow connector and it keeps throwing the XSRF check failed error

Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 13, 2019

Dear @Brandon Miller  and @zzw8200465323 ,

can you please post the JSON dump that is sent to Jira, that is causing the problems?

So long

Thomas

Like
Like
Like
Thomas Deiler
Thomas Deiler
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 15, 2019

@zzw8200465323 good! With your link information the question seems to be answered. Can you mark it?

Thanks

Thomas

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events