JIRA REST API - 401 Unauthorised - for administrator level user

I've been trying for days to use the REST api via basic http auth using curl (this is just the first step toward using the api in an app!) but keep getting a 401 response. I've looked everywhere throughout the configuration settings, user preferences etc and can find anything else to change. What am I doing wrong?

Mode: Private

Accept remote API calls: ON

example curl:

$ curl -D- -u uname:pword -X GET -H "Content-Type: application/json" https://myjira.atlassian.net/jira/rest/api/2/project

From the documentation I can find this is all I should need and should be providing me with JSON data but I get 401. Is there a setting somewhere (undocumented) that will allow my user account to access the data from this on-demand instance?

7 answers

1 accepted

1 vote
Accepted answer

I found that (after a lot of research and frustration with the documentation) the issue was I was trying to interface with the JIRA restful API - which wasnt what I needed in the end! Instead I needed to be interfacing the GreenHopper restful API. This resolved all of my issues. Heres a few examples that might help:

List of Sprints from RapidView Board

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/sprints/<rapid_board_id>"

Long Sprint Summary

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/rapid/charts/sprintreport?rapidViewId=<rapid_board_id>&sprintId=<sprint_id>"

Short Sprint Summary for points

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/sprint/complete/model?rapidViewId=<rapid_board_id>&sprintId=<sprint_id>"

There are a number of others. Once I realised that the front-end UI of JIRA OnDemand was using the restful APIs I was after I payed special attention to the url as I browsed around my account and was able to use most of them in the application I built.

The documentation doesnt really reference GreenHopper anymore - Im wondering if they are absorbing it into the core?

Hope that helps!

Note that if you are logging in via a sync Google account, it is NOT the google password you are supposed to use. Also it is not the email.

Instead you should go to your user profile and look up your username and set a password.


For site admin functions, RSS feeds, REST API access, or WebDAV uploads you'll need to have an Atlassian Cloud password (separate to your Google Apps password. If you haven't set an Atlassian Cloud password, go to the login page and choose Unable to access your account? in the Atlassian Cloud login section.

Of course it makes no sense that this information is not available on the REST API documentation page, since it is quite crucial to get it working.

Just for Atlassians reference - it would be handy if the online support were a little more user friendly - this example from github is straight to the point, sets expectation and walks you through the process easily: https://help.github.com/articles/generating-ssh-keys

Also left this as feedback through ondemand

I can also successfully log in with uname:pword through the browser.

0 votes

The URL is a little bit off. You don't need the /jira part, so it should be


Otherwise it looks like it should work.

Thanks for your answer Michael, however I get the same response. Its got to be some configuration setting for my user account - we haven't set up a consumer key for OAuth yet - but assumed the basic auth for http wouldnt need it. Also, the documentation at http://docs.atlassian.com/jira/REST/latest/ uses the /jira in all of the examples at the bottom.

Here is the headers from the response using the command $ curl -D- -u uname:pword -X GET -H "Content-Type: application/json"https://myjira.atlassian.net/rest/api/2/project

HTTP/1.1 401 Unauthorized

Server: nginx

Date: Wed, 06 Mar 2013 08:58:57 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-AREQUESTID: 538x238122x1

Set-Cookie: JSESSIONID=D02A638EE72BA51844F7B104D6AD3C54; Path=/; HttpOnly

Set-Cookie: studio.crowd.tokenkey=""; Domain=.myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

X-Seraph-LoginReason: OUT

Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly


Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly


WWW-Authenticate: OAuth realm="https%3A%2F%2Fmyjira.atlassian.net"

X-Content-Type-Options: nosniff

Vary: Accept-Encoding


The problem seems to be with the user account I'm using so will try with others. I also noted in the header response that there is an empty value for the studio.crowd.tokenkey in the cookie that is delivered (4 times for some reason).

Do you happen to use Google Apps authentication with your OnDemand instance? If so, you will need to use your OnDemand password (not your Google Apps password) to authenticate.

OnDemand will have prompted you to set an OnDemand password when you first logged in with Google Apps. If you have forgotten it, you can have an administrator set a password for you.

If I remember correctly, if you get the header


This means you activate a protection system because of too many failed logins.

If this happens you would get a captcha in the web interface. But the REST api clearly cannot support this.

This might a little late, but if you're still having this problem can you show what the actual details that come back are? Is it a 'Forbidden' html page? Also, when you successfully login through the browser is it allowing normal login or do you need to solve a captcha?

We are experiencing the same issue here. I was wondering if Michael's response fixed your issue, OharaSi, or if you found a different resolution. Thanks!

Hey Leslie - I've posted my answer - which is how I resolved it in the end.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

155 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you