JIRA_server_API Standards

Amar Ghag January 24, 2020

Hi Folks,

Overview: We have a requirement here where an external cloud application (Plutora) makes calls to our JIRA REST API in order to access the data in JSON format. We have our organisation-specific API Gateway, and all calls from external to internal applications go via our API Gateway. As part of our security policy, all the calls need to be secured by Basic Authentication.

Problem Statement :

From the testing API Standards, the expectation is that any REST API expects the 'Authorization' header for each call. Below are the test steps that have been followed; we need your support with this for a resolution.

Step 1. When the first call is made to the API (/rest/api/2/search?jql=<jql-query>&fields=<field-query>&maxResults=<maxResults-query>) without any 'Authorization' header, the JIRA API responds with 200 OK and the JSON response below:

    {
      "startAt": 0,
      "maxResults": 10,
      "total": 0,
      "issues": []
    }

As part of our API Standard in our Organization, the result should return as 401 (Unauthorized).

Step 2. When the call is made with the 'Authorization' header, the JIRA API responds with 200 OK and the expected JSON response.

Step 3. When the next call is made without any 'Authorization' header, the JIRA API responds with 200 OK and the same response as above in Step 2. The expectation is that JIRA should return a 401 error code.

Please let us know if there is any way we can enable the JIRA API to behave as per our requirement. The only case where we see 401 is when the first call is made with wrong credentials as part of the Basic base-64 credentials.

Regards,

Amar

1 answer

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 24, 2020

Atlassian are not going to rewrite the REST API interfaces for custom use.

Also, you should plan for Basic Auth to go away.  It's been removed from Cloud, is on the way out on Data Centre, and Server will follow shortly after that.

Amar Ghag January 24, 2020

Hi Nic,

Thank you for the quick response.

You mean Basic Auth will go away from JIRA Server soon?
If yes, is there any tentative timeline for it?

It will be great if you can suggest another way or a workaround to achieve our requirement.

Regards,

Amar

Nic Brough -Adaptavist-
Community Leader
January 24, 2020

Sort of.  You can expect it to be gradually deprecated over the next couple of years, as most corporates with regulation/compliance meaning they're sticking with Server/DC really don't want basic authentication, and everyone else should be on Cloud (which doesn't have it).

I would move to OAuth access to start with (over HTTPS of course) and see what you get back then.
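The 401-on-missing-header rule from the question can be enforced at the organisation's API gateway instead of in JIRA. The sketch below is an added example, not code from this thread or from Atlassian. It assumes the Step 3 result comes from a session cookie set by the Step 2 call (the thread does not state the cause); the function names, realm, cookie value and credentials are hypothetical or constructed.

```python
import base64


def basic_credentials(headers):
    """Return (user, password) from a well-formed Basic header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None


def gateway_filter(headers):
    """Gateway decision: (401, challenge headers) or (None, headers to forward).

    Only the shape of the header is checked here; the backend still
    verifies the credentials themselves.
    """
    headers = {k.title(): v for k, v in headers.items()}  # names are case-insensitive
    if basic_credentials(headers) is None:
        return 401, {"WWW-Authenticate": 'Basic realm="api-gateway"'}
    # Forward per-request credentials only. Dropping Cookie means a session
    # created by an earlier authenticated call cannot stand in for the header.
    return None, {k: v for k, v in headers.items() if k != "Cookie"}


def replay_test_steps():
    """Replay Steps 1-3 from the question with constructed requests."""
    token = base64.b64encode(b"svc-plutora:constructed-password").decode()
    steps = [
        {},                                     # Step 1: no header
        {"Authorization": "Basic " + token},    # Step 2: header present
        {"Cookie": "JSESSIONID=constructed"},   # Step 3: no header, assumed session cookie
    ]
    return [gateway_filter(h)[0] for h in steps]


if __name__ == "__main__":
    print(replay_test_steps())
```

A result of `None` means the request is passed on to JIRA, which answers 401 itself when the credentials are wrong, as described in the question.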
