We are currently switching to API token-based authentication to query the JIRA Cloud REST API, using a fork of maven-changes-plugin.
This was working previously using a username/password Basic Auth authentication scheme, but now this is failing big times using the API token instead of the password.
Authentication looks ok, since we get a 200 OK back from the server, but attempting to query (for instance) the list of projects that the user can see always returns back with an empty array:
curl -v https://oursite.atlassian.net/rest/api/3/project -u 'username:apitoken'
Authorization: Basic cGRvs67.....
Obviously, the user can login successfully in the UI, see and browse many projects...
I see that you are running into authentication errors when trying to switch from the deprecated password to use the API token for a Cloud REST API call.
The use of the API token is slightly different than using a cleartext password. You can't just substitute that token for the password itself. Instead you need to create a string of your
and then base64 encode that string. Once you do that, you have to supply that string as part of a header in your request. More details in https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-basic-authentication/.
Supplying basic auth headers
If you need to, you may construct and send basic auth headers yourself. To do this you need to perform the following steps:
- Generate an API token for Jira using your Atlassian Account: https://id.atlassian.com/manage/api-tokens.
- Build a string of the form
- BASE64 encode the string.
- Supply an
Authorizationheader with content
Basicfollowed by the encoded string. For example, the string
ZnJlZDpmcmVkin base64, so you would make the request as follows:
curl -D- \
-X GET \
-H "Authorization: Basic ZnJlZDpmcmVk" \
-H "Content-Type: application/json" \
Try this and let me know the results.
That works perfectly.
The problem I was running into is that I was using the username and not the email address.
The doc that you referred to was the one I was using - but I'm afraid that it was not extra-clear to me, see section "Getting your API token":
You can generate an API token for your Atlassian account and use it to authenticate anywhere where you would have used a password.
So that's what I did, but definitely overlooked the rest because I'm not building the Authorization header myself (curl or the HTTP library does it all for me).
Therefore I did not detect that I had to switch to the email address as well instead of username...
Thanks a lot!
i created an API token using my email address.
(actually postman do that automatically but i also tried encoding manually)
Authorization header with content
Basic followed by the encoded string..
still getting Unauthorized (401)
trying to hit https://jira.livevox.com/rest/api/2/search
any ideas? do my company requires to do some additional setup??
The steps we have above are specifically for using Atlasisan Cloud. In those cases, the URLs will be either atlassian.net or a jira.com domain. In your case, it looks like a non-Atlassian Cloud domain. Meaning that this is likely running a Jira Server and not Jira Cloud.
Atlassian offers our Cloud sites the ability for end users to create API tokens. However Server products do not currently offer the exact same feature. So while Jira Cloud you can encode the username:apitoken into a base64 string, for Jira Server, you just use the username:password when encoding the string. More details for Server basic auth in https://developer.atlassian.com/server/jira/platform/basic-authentication/ .
Try that instead.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events