How to use API token for REST calls in Python.

Thank you for the answers, how can I get the users any sample python code to get user details who are in cloud Jira account?

Thanks. This worked perfectly.

Page for creating your tokens: 

https://id.atlassian.com/manage/api-tokens#

I was struggling with outh but this solution is easier. Thank you! 

Can you authenticate for multiple servers in the same time? Something like

#!/usr/bin/python3.6

# library modules
from jira import JIRA

user = 'me@here.com'
apikey = 'your0api0key0here'
server1 = 'https://SITE_NAME1.atlassian.net'
server2 = 'https://SITE_NAME2.atlassian.net'

options = {
 'server': [server1, sever2]
}

jira = JIRA(options, basic_auth=(user,apikey) )

(Obviously if the user has access to both)

Is this even possible? Or is there a workaround so it is achievable?

Can anyone help me out on how can I handle invalid username and password entered by the user. Thus, how can handle the calling of JIRA constructor using basic_auth but with wrong credentials ? ( not exception handling)

I confirm the solution works fine!

@Rob Echlin Is it possible that the user isn't an email? I'm trying to authenticate using a an Organization Id and an API key, if not, as I assume it is because I have tried it. How does one fix this situation? https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis/  this was the guide used to create the API key in case it helps.

Thank you.

Hello @John M 

it gives me this error : AttributeError: module 'jira' has no attribute 'JIRA'

Regards

Karim

Thanks Jhon McGehee.

As mentioned here, should note that this is for Cloud only - Server & Datacenter use a different header (yay!):
https://github.com/pycontribs/jira/issues/993

Since the Python Jira API doesn't yet support personal access tokens directly, for Jira Server & Datacenter a workaround is in this thread:  
https://github.com/pycontribs/jira/issues/989#issuecomment-772683446

TL;DR:

host = "YOUR_JIRA_URL"
pat = "YOUR_PERSONAL_ACCESS_TOKEN"

headers = JIRA.DEFAULT_OPTIONS["headers"].copy()
headers["Authorization"] = f"Bearer {pat}"
jira=JIRA(server=host, options={"headers": headers})

Thanks @Oskar Austegard this worked for me. I have been trying to figure out the way to get the PAT working, and this was the only one that got it going. Kudos!

Perfect @Oskar Austegard ! Nice work.

Thank you sir. I shall give this a go.

Hi Marvin, 

If you use the Jira Python library, just put the key where the password would go.

Example code (worked with my server, user, apikey)

#!/usr/bin/python3.6

# library modules
from jira import JIRA

user = 'me@here.com'
apikey = 'your0api0key0here'
server = 'https://SITE_NAME.atlassian.net'

options = {
 'server': server
}

jira = JIRA(options, basic_auth=(user,apikey) )

ticket = 'KRP-11697'
issue = jira.issue(ticket)

summary = issue.fields.summary

print('ticket: ', ticket, summary)

Standing on the shoulders of giant Rob, here is my version:

import jira

jira = jira.JIRA('https://example.atlassian.net', basic_auth=('username@example.com', 'usernames_api_key'))

# print all of the project keys as an example
for project in jira.projects():
    print(project.key)

Hi @Andy Heinzer

This is for the cloud, doest there is also a way for Jira Server?

Thanks,

Jason

Hi @Jason Huang at the time this was originally created, Jira Server did not have these kinds of tokens.  But in Jira server you could still use the username and password to manage authentication.

Jira 8.14 and higher though, do now have personal access tokens, which function in much of the same way as REST API tokens do in Jira Cloud today.

Hi @Andy, thanks for your response.

I am trying the PAT, but encounter the websudo problem to create a user with the  python-jira package

Do you have any solution for it?

Hey @Jason Huang see the post from @Oskar Austegard above .

Works for me! Thanks a lot!

Not working for me. I'm using v9.4.11

There are a bunch of things that could be wrong... if you want help you need to pop in some more context... Are you running Cloud or DC? What is the error message if any? Are you using Requests (my assumption) or the JIRA module? What call are you making? Have you had any calls work? Etc...

Hi Bill thanks for the following up. Yes I should provide more context. We're not in cloud yet so it's DC. I do read the thread and the Jira document closely and try every senarios I can think of, including manually logon to disable captacha. The error messages I have imply authentication failure using PAK:

Response code: 400, Response contents: {"errorMessages":[],"errors":{"summary":"Field 'summary' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field 'description' cannot be set. It is not on the appropriate screen, or unknown."}}

Jira issue creation failure: b'{"errorMessages":[],"errors":{"summary":"Field \'summary\' cannot be set. It is not on the appropriate screen, or unknown.","description":"Field \'description\' cannot be set. It is not on the appropriate screen, or unknown."}}'

Here is the python code partial that make the rest api call:

class JiraClient:

def __init__(self, env, file):

self.env = env

self.env_pattern = re.compile( r'^\<%= ENV\[\'(.*)\'\] %\>(.*)$' )

self.conf_dir = dirname(realpath(__file__)) + "/conf/"

if not is_directory(self.conf_dir):

 mkdir(self.conf_dir)

self.conf_file = file if file else self.conf_dir + "jira_integration.yaml"

self.conf_dict = self.load_yaml(self.conf_file)

self.jira_headers = {

"Accept": "application/json",

"Content-Type": "application/json",

"Authorization": "Bearer " + self.conf_dict[self.env]["api-token"]

 }

res = requests.post(self.conf_dict[self.env]['api-uri'] + '/issue/', \

headers=self.jira_headers, json=json_data, \

#auth=(self.conf_dict[self.env]['username'], \

#self.conf_dict[self.env]['password']), \

verify=False)

print(f'Response code: {res.status_code}, Response contents: {res.text}')

if res.status_code == 201:

print(f'Jira issue is sucessfully create: {res.status_code}')

else:

print(f'Jira issue creation failure: {res.content}')

return res.status_code

Hi Sam,

No, that looks like you have successfully authenticated/authorized.

• To confirm I am right, always start with a read operation (GET) as that is less prone to configuration issues. Make sure the user can browse/view an issue. Then attempt to GET that issue via the API. If this works then it has nothing to do with your auth.
• The response above suggests that the user/token that is doing the API call cannot 'see' the fields on one of the screens required to carry out the call. Again, you can confirm this by making sure you can execute the operation you are trying manually as that user (after having logged into Jira as that user).

• Your auth header code looks fine to me.

• I've seen this type of error tonnes of times in the past, and it was always to do with the project/screen configuration or user authorisation at that point. Nothing do to with authentication. 

Hi Bill, thanks for the following up. This makes no sense to me - I don't understand what's the configurations could be wrong. The same code would work if I switch to the test user name and password, such as below:

res = requests.post(self.conf_dict[self.env]['api-uri'] + '/issue/', \

headers=self.jira_headers, json=json_data, \

auth=(self.conf_dict[self.env]['username'], \

self.conf_dict[self.env]['password']), \

verify=False)

Note the token is generated under the SAME test user. 

• Did you try a read/get an issue request per my suggestion?
• The token above has never been used ("Last authenticated - Never") so that suggests that something is wrong with the request you're sending (contrary to what I said above)... so I'd check that the Authorization part of the header dict is indeed producing "Bearer TOKEN......." into the headers.

Thank you Bill. Yes you're right this time. It's the Jira headers problem. Somehow the code below did not work:

self.jira_headers = {

"Accept": "application/json",

"Content-Type": "application/json",

"Authorization": "Bearer " + self.conf_dict[self.env]["api-token"]

 }

Once I split the last line into 2 it works like a magic:

self.token = self.conf_dict[self.env]["api-token"]

self.jira_headers = {

"Accept": "application/json",

"Content-Type": "application/json",

"Authorization": "Bearer " + self.token

 }

Good to hear!

Thanks for the suggestion.
I created an answer from my comment.

Sincerely,
Rob

import requests
import base64

user = 'user.email'
token = 'token.here'
url = 'URL_HERE'

auth = user + ":" + token
encoded = base64.b64encode(bytes(auth, "utf-8"))
encodedAuth = encoded.decode("utf-8")

headers = {
  "Accept":"application/json",
  "Content-Type":"application/json",
  "Authorization":"Bearer " + encodedAuth
}

r = requests.get(url, headers=headers)
print(r)

Rafer

Hi Rafer thanks for this solution, quite helpful in solving this jira authentication error:

basic authentication with passwords is deprecated