Permit anonymous users to add attachments via REST API Edited

I'm trying to add attachments to an issue without authorization. I've set permissions in Project Settings > Permissions > Attachments Permissions > Create Attachments to "Anyone".

When I make a Post request without an authorization header I receive the following response:

STATUS 404

{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

When I add an authorization header everything works well. Also, I can create issues without adding an authorization header.

What Am I missing? How can I set permissions so that I can add attachments via REST API without supplying an authorization header?

 

EDIT: This worked for me:

I had to change permissions in Permissions > Browse Projects

Ability to browse projects and the issues within them

1 answer

This widget could not be displayed.

Hi Markus,

It looks like you already found the solution here, if other users should have this same problem you will need to first allow these anonymous users to do this via the project's permission scheme.  Managing project permissions has details on how this can be done.

Thanks for updating the post to provide your solution!

 

Is there no other way? As the original poster mentioned, you can create issues without authentication. We have no desire to expose our entire project to anonymous users. We simply want our application to be able to create issues and then add attachments without hard-coding credentials.

Hi Chris,

At the moment, I do not believe there is another way to do this within Jira. There is a bug ticket for this problem in https://jira.atlassian.com/browse/JRACLOUD-67739

However that case was not specific to the API for Jira, the same problem exists when using the web interface for anonymous users.

 

However not all is lost by setting this browse project permission to the "anyone" group.   You could still use Jira's Issue level security schemes in order to setup a security scheme that allows only 'any logged in user' access to view issues in that project.  This would still allow anonymous users to create issue and add attachments, but it would then restrict the viewing of those issues to keep all the issue from being seen by anonymous users.   This is one way you can both allow those users to add attachments, but then still keep them from seeing the issues in that project.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

130 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you