Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,365,263
Community Members
 
Community Events
168
Community Groups

Authentication for using Jira REST API

Hi, 

I am using Insight for many years now and we use it as a general asset management for all our ITIL processes.

Now we will integrate Insight with some internal backend systems and the general import batch functions are not sufficient anymore. So I learned using the Insight REST API, which works fine so far. 

For authentication I recently use my username and password, but I would prefer to use an API-Token.

At the page https://insight-javadoc.riada.io/insight-javadoc-8.6/insight-rest/ authentication is not documented at all.

So I tried to use the global REST Jira documentation  at https://developer.atlassian.com/cloud/confluence/basic-auth-for-rest-apis/#simple-example. At least it works with my password, but not with the API token: I tried "curl -D- -u MY-USER:MY-PASSWD ...", which works fine, but with "curl -D- -u MY-USER:MY-API-TOKEN ..." I always got an 401 error.

Are there specific requirements for Insight? Or did I understand something wrong?

Thanks for any help.

3 answers

2 accepted

0 votes
Answer accepted

Hi, after some more guessing and testing as well as some more reaerch I found the solution myself:

  • The Insight-linked documentation is wrong resp. only works for Jira Cloud.
  • Basic auth seems to differ between Jira Cloud and Jira Server. Good to know ...
  • The right link for Jira Server basic authentication is https://developer.atlassian.com/server/jira/platform/basic-authentication/#construct-the-authorization-header: You have to base64 encode username and password, not API token.
  • So, the API token at Jira Server seems to be useless (at least for basic auth) and you have to use your symmetrically encoded combination of username and password. Not the best idea ... But it works this way.

I will try your suggestion later @Tanishka Tandon, this could work for me.

Hi  Ulrich, 

You can easily create API keys/tokens using the miniOrange REST API Authentication add-on for Jira and securely authenticate your Jira API requests. 

If you want to control who is calling the APIs, you could find an option to set a group-based restriction on APIs which would allow only certain groups in Jira to access the APIs. Similarly, you can also set an IP-based restriction on the APIs.

In the plugin’s audit logs, you would be able to monitor the API activity happening in your Jira instance. You can also export them in a CSV if you want to carry out analytics on them.

Find more about the addon here -Jira API Token/OAuth Authentication

Hope this answer helps you. 

Thanks.

Thanks, not exactly what I expected, but I will try.

0 votes
Robert Wen Community Leader Sep 21, 2022

Did you base64 encode your user:API token string?

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events