Rest API requests NOT working with any other tool than "Rest API Browser" - received 403 forbidden error

I am working on REST API stuff and mainly working with "Rest API Browser" add-on.

Whenever i try to post any request from this add-on say creating test cycle, test steps etc the request gets proccessed within few mins with success code(200) however if i try to do same thing with any tool [say gatling] i am receiving an error 403-forbidden, i have rechecked all the request headers and those seems to be fine and correct.


I am not sure why i am not able to post the request through any other tool than "Rest API Browser" tool.

Kindly help me in getting this sorted.

Kind regards,


1 answer

0 votes

Generally if you are having problems with making REST requests that are working in one tool but not others, this would point to an authentication issue of some kind. Are you able to provide examples of the type of REST API call you are trying to make, specifically where it is working and where it is not working?

What type of authentication are you passing through in the headers when you are not using Rest API browser?

Hi Jeff,

I want to create test plan/cycle in Jira for that I am using below JSON request:


           "clonedCycleId": "",

           "name": "Temp Test Cycle",

           "build": "",

           "environment": "Env",

           "description": "Creating new test cycle",

           "startDate": "",

           "endDate": "",

           "projectId": "12345",

           "versionId": "-1"


and the API is: rest/zephyr/latest/cycle

also I am passing below request headers:

"User-Agent"  -> "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0",

"Accept-Encoding"  -> "gzip, deflate",

"AO-7DEABF"  -> "1v+f9MW2DCye5LYQR4YV772dXbRdUgbQG3/Ygwp2sUuPiexaqWDokYCYl0cvMWeim7M8Q91uRo9C5bjia/0bMQ==",

"Cookie"  -> "atlassian.xsrf.token=nocheck; JSESSIONID=${sessionID}",

"X-Atlassian-Token"  -> "nocheck",

"Content-Type" -> "application/json")


Please note i have added "X-Atlassian-Token"  -> "nocheck", in request headers because i got "XSRF Check failed error" and if i romove "X-Atlassian-Token"  -> "nocheck" the i received 403 forbidden error.


kindly help on the same.


Apologies I am not very familiar with the Zephyr APIs as they are not a native part of the Atlassian platform. However some quick googling indicates that you may be able to pass a base64 encoded version of a username/pwd hash in the headers (as shown in this ticket which might do the trick.

I also found this resource which has some example code to get you started, and that seems to confirm my suspicion above (

I tried to pass all the possible headers but still received 403-forbidden..

could you please help me in identifying the mandatory authentication headers which needs to be passed?

HI Jeff,

The issue is related to the custom value generation in the request header of the same API which is going to use the request header with the auto-generated value [here the value is AO-7DEABF].

Could u please assist me in handling the same? I want to extract this value from request header and want to pass it in the same request header.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,223 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you