Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,300,031
Community Members
 
Community Events
165
Community Groups

Getting a 401-Unauthorized Error on REST APi In one App and other works good

I have successfully obtained my auth access_token from https://auth.atlassian.com/oauth/token

 

{
"access_token": "****",
"refresh_token": "****",
"scope": "read:jira-work read:jira-user read:me read:account offline_access",
"expires_in": 3600,
"token_type": "Bearer"
}
However when I try something like
curl --location --request GET 'https://subdomain.atlassian.net/rest/api/3/issue/TICKET-KEY' \

--header 'Authorization: Bearer ***' \

--header 'Cookie: atlassian.xsrf.token=*****'
I get
Encountered a 401 - Unauthorized error while loading this page.
On the other hand, I have success trying this one
 
curl --location --request GET 'https://api.atlassian.com/me' \
--header 'Authorization: Bearer ****'

Any suggestion of what I'm doing wrong? I have another integration which is working perfecto and has the following scope
"scope": "read:jira-work read:jira-user offline_access",

 

 

Any help will be very appreciated.

2 answers

0 votes

Hi @mantrax314 and welcome to the community! Just for future reference, you should post questions like these over on the Developer Community forums: https://community.developer.atlassian.com.

But since we're all here already, I'll try to provide some guidance. You've built an OAuth 2 3LO app, correct? If so, the docs here (https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/) state that you need to make a call using the cloudId of your site. Jump down to section 3 of the doc page above.

The API call to your Jira instance should look something like this:

curl --request GET \
       --url https://api.atlassian.com/ex/jira/cloudId/rest/api/3/issue/TICKET' \
       --header 'Authorization: Bearer *****' \
       --header 'Accept: application/json'

TL;DR: You can only make API calls to yoursite.atlassian.com if you're using basic auth with an API token, or from your browser with a cookie-based session. OAuth 2.0 3LO apps need to use the cloudId.

Hope this helps!

Thank you for all your help Neil

The weird part of this is I am able to retrieve the ticket information using the same endpoints but using a different app authentication.

Neil Atlassian Team Oct 19, 2021

The weird part of this is I am able to retrieve the ticket information using the same endpoints but using a different app authentication.

Indeed. As I said in that last paragraph, you can call yoursite.atlassian.com if you're using basic auth (with token) or through your browser with cookie-based session auth.

If your app is an OAuth 2 3LO-based app, you need to make API calls through api.atlassian.com/ex/jira/cloudId instead. 

Thanks for this Neil, I have been looking for this solution all morning!

On the documentation page for version 3 REST it still documents using yoursite.atlassian.com as the host, rather than specifying the cloud ID.

It might be worth looking into updating the documentation as if basic auth is deprecated and this hosting type is only used on basic auth I think any continued reference of hosts without the cloud id is gonna cause further confusion.

Either way. I appreciate your comment as it's helped greatly!


Token kimi

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you