JIRA_server_API Standards

Hi Folks,

 

Overview: We have a requirement where an external cloud application (Plutora) makes calls to our JIRA REST API in order to access the data in JSON format. We have our organisation-specific API Gateway, and all calls from external to internal applications go via our API Gateway. As part of security policy, all the calls need to be secured by Basic Authentication.

Problem Statement:

As per our API testing standards, the expectation is that any REST API expects the 'Authorization' header for each call. Below are the test steps that have been followed; we need your support in resolving this.

Step 1. When the first call is made to the API (/rest/api/2/search?jql=<jql-query>&fields=<field-query>&maxResults=<maxResults-query>) without any 'Authorization' header, the JIRA API responds with 200 OK and the JSON response below:
{
"startAt": 0,
"maxResults": 10,
"total": 0,
"issues": []
}

As per the API standard in our organisation, the result should be 401 (Unauthorized).

Step 2. When the call is made with the 'Authorization' header, the JIRA API responds with 200 OK and the expected JSON response.

Step 3. When the next call is made without any 'Authorization' header, the JIRA API responds with 200 OK and the same response as in Step 2. The expectation is that JIRA should return a 401 error code.

Please let us know if there is any way we can make the JIRA API behave as per our requirement. The only case where we see 401 is when the first call is made with wrong credentials as part of the Basic base-64 credentials.

 

Regards,

Amar

Answer accepted

Atlassian are not going to rewrite the REST API interfaces for custom use.

Also, you should plan for Basic Auth to go away.  It's been removed from Cloud, is on the way out on Data Centre, and Server will follow shortly after that.

Hi Nic,

 

Thank you for the quick response.

You mean Basic Auth will go away from JIRA Server soon?
If yes, is there any tentative timeline for it?

It would be great if you could suggest another way or workaround to achieve our requirement.

Regards,

Amar

Sort of.  You can expect it to be gradually deprecated over the next couple of years, as most corporates with regulation/compliance meaning they're sticking with Server/DC really don't want basic authentication, and everyone else should be on Cloud (which doesn't have it).

I would move to OAuth access to start with (over HTTPS of course) and see what you get back then.
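
An added example, not part of the original thread and not Atlassian's or the poster's code: one way the organisation's API gateway, rather than Jira, could enforce the "'Authorization' header on every call" standard from the question. The function names, the realm and the sample requests are assumptions; the gateway only checks that credentials are present and well formed, and Jira still validates them.

```python
import base64
import binascii

REALM = 'Basic realm="api-gateway"'  # hypothetical realm name


def has_basic_credentials(value):
    """True only for a well-formed 'Basic <base64(user:password)>' header value."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, _password = decoded.partition(":")
    return bool(user) and sep == ":"


def gateway_check(headers):
    """Decide what the gateway does with one inbound request.

    Returns (status, headers): 401 plus a challenge when the call carries no
    usable Authorization header, otherwise None plus the headers to forward.
    """
    inbound = {name.lower(): value for name, value in headers.items()}
    if not has_basic_credentials(inbound.get("authorization")):
        return 401, {"WWW-Authenticate": REALM}
    # Forward without any Cookie header so every call is judged on its own
    # Authorization header and never on an earlier session.
    forwarded = {k: v for k, v in inbound.items() if k != "cookie"}
    return None, forwarded


# Constructed sample requests mirroring steps 1-3 of the question.
CREDS = "Basic " + base64.b64encode(b"svc-plutora:example-password").decode()
STEP1 = {"Accept": "application/json"}
STEP2 = {"Accept": "application/json", "Authorization": CREDS}
STEP3 = {"Accept": "application/json", "Cookie": "JSESSIONID=constructed"}

if __name__ == "__main__":
    for name, req in (("step 1", STEP1), ("step 2", STEP2), ("step 3", STEP3)):
        status, _ = gateway_check(req)
        print(name, "->", status or "forward to Jira")
```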
