Overview: We've a requirement here where external cloud application (Plutora) make calls to our JIRA rest API in order to access the data in JSON format. We've our organisation specific API Gateway and all calls from external to internal application is via our API Gateway. As part of security policy, all the calls needs to be secured by Basic Authentication.
Problem Statement :
From the testing API Standards, the expectation is that for any rest API is to expect the 'Authorization' header for each call. Below are the test steps that been followed and need your support in this for resolution
Step 1. When the first call made to API (/rest/api/2/search?jql=<jql-query>&fields=<field-query>&maxResults=<maxResults-query>) without any 'Authorization' header, the JIRA API responds as 200 Ok with below JSON response :
As part of our API Standard in our Organization, the result should return as 401 (Unauthorized).
Step 2. When the call made with 'Authorization' header, the JIRA API responds as 200 Ok with the expected JSON response.
Step 3. The next call made without any 'Authorization' header, the JIRA API responds as 200 Ok with the same response as above in Step-2. The expectation is 'JIRA' should return 401 error code.
Please let us know if there is any way we can enable the JIRA API to behave as per our requirement. The only case where we see 401 is when the first call made with wrong credentials as part of Basic base-64 credentials.
Atlassian are not going to rewrite the REST API interfaces for custom use.
Also, you should plan for Basic Auth to go away. It's been removed from Cloud, is on the way out on Data Centre, and Server will follow shortly after that.
Sort of. You can expect it to be gradually deprecated over the next couple of years, as most corporates with regulation/compliance meaning they're sticking with Server/DC really don't want basic authentication, and everyone else should be on Cloud (which doesn't have it).
I would move to Oauth access to start with (over https of course) and see what you get back then.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events