Authentication for using Jira REST API

Ulrich Kamp September 21, 2022

Hi, 

I am using Insight for many years now and we use it as a general asset management for all our ITIL processes.

Now we will integrate Insight with some internal backend systems and the general import batch functions are not sufficient anymore. So I learned using the Insight REST API, which works fine so far. 

For authentication I recently use my username and password, but I would prefer to use an API-Token.

At the page https://insight-javadoc.riada.io/insight-javadoc-8.6/insight-rest/ authentication is not documented at all.

So I tried to use the global REST Jira documentation  at https://developer.atlassian.com/cloud/confluence/basic-auth-for-rest-apis/#simple-example. At least it works with my password, but not with the API token: I tried "curl -D- -u MY-USER:MY-PASSWD ...", which works fine, but with "curl -D- -u MY-USER:MY-API-TOKEN ..." I always got an 401 error.

Are there specific requirements for Insight? Or did I understand something wrong?

Thanks for any help.

3 answers

2 accepted

0 votes
Answer accepted
Ulrich Kamp September 22, 2022

Hi, after some more guessing and testing as well as some more reaerch I found the solution myself:

  • The Insight-linked documentation is wrong resp. only works for Jira Cloud.
  • Basic auth seems to differ between Jira Cloud and Jira Server. Good to know ...
  • The right link for Jira Server basic authentication is https://developer.atlassian.com/server/jira/platform/basic-authentication/#construct-the-authorization-header: You have to base64 encode username and password, not API token.
  • So, the API token at Jira Server seems to be useless (at least for basic auth) and you have to use your symmetrically encoded combination of username and password. Not the best idea ... But it works this way.

I will try your suggestion later @Tanishka Tandon, this could work for me.

0 votes
Answer accepted
Tanishka Tandon
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 21, 2022

Hi  Ulrich, 

You can easily create API keys/tokens using the miniOrange REST API Authentication add-on for Jira and securely authenticate your Jira API requests. 

If you want to control who is calling the APIs, you could find an option to set a group-based restriction on APIs which would allow only certain groups in Jira to access the APIs. Similarly, you can also set an IP-based restriction on the APIs.

In the plugin’s audit logs, you would be able to monitor the API activity happening in your Jira instance. You can also export them in a CSV if you want to carry out analytics on them.

Find more about the addon here -Jira API Token/OAuth Authentication

Hope this answer helps you. 

Thanks.

Ulrich Kamp September 22, 2022

Thanks, not exactly what I expected, but I will try.

0 votes
Robert Wen_Cprime_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 21, 2022

Did you base64 encode your user:API token string?

Ulrich Kamp September 22, 2022

Yes, I did.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events