Permit anonymous users to add attachments via REST API Edited

I'm trying to add attachments to an issue without authorization. I've set permissions in Project Settings > Permissions > Attachments Permissions > Create Attachments to "Anyone".

When I make a Post request without an authorization header I receive the following response:


{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}

When I add an authorization header everything works well. Also, I can create issues without adding an authorization header.

What Am I missing? How can I set permissions so that I can add attachments via REST API without supplying an authorization header?


EDIT: This worked for me:

I had to change permissions in Permissions > Browse Projects

Ability to browse projects and the issues within them

1 answer

0 vote

Hi Markus,

It looks like you already found the solution here, if other users should have this same problem you will need to first allow these anonymous users to do this via the project's permission scheme.  Managing project permissions has details on how this can be done.

Thanks for updating the post to provide your solution!


Is there no other way? As the original poster mentioned, you can create issues without authentication. We have no desire to expose our entire project to anonymous users. We simply want our application to be able to create issues and then add attachments without hard-coding credentials.

Hi Chris,

At the moment, I do not believe there is another way to do this within Jira. There is a bug ticket for this problem in

However that case was not specific to the API for Jira, the same problem exists when using the web interface for anonymous users.


However not all is lost by setting this browse project permission to the "anyone" group.   You could still use Jira's Issue level security schemes in order to setup a security scheme that allows only 'any logged in user' access to view issues in that project.  This would still allow anonymous users to create issue and add attachments, but it would then restrict the viewing of those issues to keep all the issue from being seen by anonymous users.   This is one way you can both allow those users to add attachments, but then still keep them from seeing the issues in that project.

Suggest an answer

Log in or Join to answer
Community showcase
Alexey Matveev
Published Saturday in Jira

How to run Jira in a docker container

Everything below is tested on Ubuntu 17.10. I prefer to use Jira in a docker container because: 1. I can install Jira with a couple of commands. 2. I can start and stop Jira just by starting and s...

393 views 6 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot