Permit anonymous users to add attachments via REST API

Markus Kuspa June 21, 2017

I'm trying to add attachments to an issue without authorization. I've set permissions in Project Settings > Permissions > Attachments Permissions > Create Attachments to "Anyone".

When I make a POST request without an authorization header, I receive the following response:

STATUS 404

{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

When I add an authorization header everything works well. Also, I can create issues without adding an authorization header.

What am I missing? How can I set permissions so that I can add attachments via REST API without supplying an authorization header?

 

EDIT: This worked for me:

I had to change permissions in Permissions > Browse Projects

Ability to browse projects and the issues within them

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 19, 2017

Hi Markus,

It looks like you already found the solution here. If other users should have this same problem, you will need to first allow these anonymous users to do this via the project's permission scheme. Managing project permissions has details on how this can be done.

Thanks for updating the post to provide your solution!

 

Chris Phillips March 1, 2018

Is there no other way? As the original poster mentioned, you can create issues without authentication. We have no desire to expose our entire project to anonymous users. We simply want our application to be able to create issues and then add attachments without hard-coding credentials.

Andy Heinzer
Atlassian Team
March 5, 2018

Hi Chris,

At the moment, I do not believe there is another way to do this within Jira. There is a bug ticket for this problem in https://jira.atlassian.com/browse/JRACLOUD-67739

However, that case was not specific to the API for Jira; the same problem exists when using the web interface for anonymous users.

However, not all is lost by setting this browse project permission to the "anyone" group. You could still use Jira's Issue level security schemes in order to set up a security scheme that allows only 'any logged in user' access to view issues in that project. This would still allow anonymous users to create issues and add attachments, but it would then restrict the viewing of those issues to keep all the issues from being seen by anonymous users. This is one way you can both allow those users to add attachments, but then still keep them from seeing the issues in that project.

Brady Brenot September 27, 2018

> This is one way you can both allow those users to add attachments, but then still keep them from seeing the issues in that project.

This doesn't appear to be the case. If issue security level prohibits anonymous users from viewing issues, they also cannot post attachments.

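For the use case raised in the thread (an application that creates issues and attaches files without credentials in its source), one alternative to granting Browse Projects to "Anyone" is a least-privilege account whose token is read from the environment at run time. The following is an added example, not code from the thread or from Atlassian: it builds, without sending, the attachment upload request for the Jira REST API. The host, the environment variable names `JIRA_USER` and `JIRA_API_TOKEN`, and the restriction to issue keys of the form `ABC-123` are assumptions.

```python
import base64
import os
import re
import urllib.request
import uuid

# Hypothetical environment variable names; the thread does not define any.
USER_ENV = "JIRA_USER"
TOKEN_ENV = "JIRA_API_TOKEN"
ISSUE_KEY = re.compile(r"[A-Z][A-Z0-9_]*-[0-9]+")


def build_attachment_request(base_url, issue_key, filename, content, env=os.environ):
    """Return an unsent POST request that attaches `content` to `issue_key`."""
    # Refuse anything that is not a plain issue key so it cannot alter the URL path.
    if not ISSUE_KEY.fullmatch(issue_key):
        raise ValueError(f"not a Jira issue key: {issue_key!r}")
    # Drop directory parts and characters that could break the multipart header.
    safe_name = re.sub(r'[\r\n"]', "_", os.path.basename(filename))
    boundary = uuid.uuid4().hex
    body = b"".join([
        f"--{boundary}\r\n".encode(),
        f'Content-Disposition: form-data; name="file"; filename="{safe_name}"\r\n'.encode(),
        b"Content-Type: application/octet-stream\r\n\r\n",
        content,
        f"\r\n--{boundary}--\r\n".encode(),
    ])
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/rest/api/2/issue/{issue_key}/attachments",
        data=body,
        method="POST",
    )
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    # The attachment endpoint requires this XSRF opt-out header.
    req.add_header("X-Atlassian-Token", "no-check")
    # Credentials come from the environment, never from source code.
    user, token = env.get(USER_ENV), env.get(TOKEN_ENV)
    if user and token:
        cred = base64.b64encode(f"{user}:{token}".encode()).decode()
        req.add_header("Authorization", f"Basic {cred}")
    return req


if __name__ == "__main__":
    # Constructed sample values; the request is built but not sent.
    r = build_attachment_request("https://jira.example.invalid", "DEMO-1", "log.txt", b"sample")
    print(r.get_method(), r.full_url, "authenticated:", r.has_header("Authorization"))
```

Without both variables set, the request carries no Authorization header and is treated as anonymous, which is the case that returns the 404 quoted in the question unless Browse Projects is granted to "Anyone".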