Hi all,
We are currently switching to API token-based authentication to query the JIRA Cloud REST API, using a fork of maven-changes-plugin.
This was working previously using a username/password Basic Auth authentication scheme, but now this is failing big times using the API token instead of the password.
Authentication looks ok, since we get a 200 OK back from the server, but attempting to query (for instance) the list of projects that the user can see always returns back with an empty array:
curl -v https://oursite.atlassian.net/rest/api/3/project -u 'username:apitoken'
Authorization: Basic cGRvs67.....
HTTP/2 200
[]
Obviously, the user can login successfully in the UI, see and browse many projects...
Any idea?
Hi Pascal,
I see that you are running into authentication errors when trying to switch from the deprecated password to use the API token for a Cloud REST API call.
The use of the API token is slightly different than using a cleartext password. You can't just substitute that token for the password itself. Instead you need to create a string of your
emailaddress:API_Token
and then base64 encode that string. Once you do that, you have to supply that string as part of a header in your request. More details in https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-basic-authentication/.
Supplying basic auth headers
If you need to, you may construct and send basic auth headers yourself. To do this you need to perform the following steps:
- Generate an API token for Jira using your Atlassian Account: https://id.atlassian.com/manage/api-tokens.
- Build a string of the form
useremail:api_token
.- BASE64 encode the string.
- Supply an
Authorization
header with contentBasic
followed by the encoded string. For example, the stringfred:fred
encodes toZnJlZDpmcmVk
in base64, so you would make the request as follows:curl -D- \
-X GET \
-H "Authorization: Basic ZnJlZDpmcmVk" \
-H "Content-Type: application/json" \
Try this and let me know the results.
Andy
Hi Andy,
That works perfectly.
The problem I was running into is that I was using the username and not the email address.
The doc that you referred to was the one I was using - but I'm afraid that it was not extra-clear to me, see section "Getting your API token":
You can generate an API token for your Atlassian account and use it to authenticate anywhere where you would have used a password.
So that's what I did, but definitely overlooked the rest because I'm not building the Authorization header myself (curl or the HTTP library does it all for me).
Therefore I did not detect that I had to switch to the email address as well instead of username...
Thanks a lot!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This doesn't work.
I've used my user email:api_token and I can connect just fine.
-u my@email.com:api_token123 // WORKS
When I convert that same string into base64 and use that it 400s every time.
-H "Authorization: Basic AbCdE123F==" // FAILS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I managed to solve mine. Turns out I was using the wrong Base64 encryption. There are many types, make sure you're using the right one.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andy,
i created an API token using my email address.
then
useremail:api_token
.(actually postman do that automatically but i also tried encoding manually)
then
Supply an Authorization
header with content Basic
followed by the encoded string..
still getting Unauthorized (401)
trying to hit https://jira.livevox.com/rest/api/2/search
any ideas? do my company requires to do some additional setup??
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Juan,
The steps we have above are specifically for using Atlasisan Cloud. In those cases, the URLs will be either atlassian.net or a jira.com domain. In your case, it looks like a non-Atlassian Cloud domain. Meaning that this is likely running a Jira Server and not Jira Cloud.
Atlassian offers our Cloud sites the ability for end users to create API tokens. However Server products do not currently offer the exact same feature. So while Jira Cloud you can encode the username:apitoken into a base64 string, for Jira Server, you just use the username:password when encoding the string. More details for Server basic auth in https://developer.atlassian.com/server/jira/platform/basic-authentication/ .
Try that instead.
Andy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.