REST Api Oauth Invalid Signature

I'm getting an error when trying to request a request token via the REST API. This is what I am sending as my base string (before encrypting).


Below is what I am receiving.

18:35:11:202 USER_DEBUG 

&oauth_signature=<redacted because apparently atlassian doesn't want me to put this in the question>



I'm not sure what I'm missing being an oauth newb and all.

2 answers


I am facing the same issue. Did you solve that issue?

If yes, then please provide the solution.


After one week I solved the same problem.

At first, it is not important which protocol you use; my application (HTTPS) is able to communicate with JIRA (http).

Be sure to configure your application link correctly. This website helped me: Configure Application Link.

You should also use the parameter 'oauth_callback'.

At first you have to create a correct base string, here is my code (PHP):

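    $paramValues = [];
    ksort($parameter, SORT_STRING); // OAuth 1.0a signs the parameters sorted by name
    foreach ($parameter as $key => $value) {
        // Names and values are percent-encoded per RFC 3986 (rawurlencode, not urlencode)
        $key = rawurlencode($key);
        $value = rawurlencode($value);
        $paramValues[] = $key . '=' . $value;
    }
    $baseString = strtoupper($pHttpMethod) . // would be POST
        '&' . rawurlencode('BASEURL/plugins/servlet/oauth/request-token') .
        '&' . rawurlencode(implode('&', $paramValues));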

The variable $parameter (array) is like

'oauth_callback' => 'oob',

'oauth_consumer_key' => blabla.

and so on :)

Make sure your base string is correct.

After that, you have to create the signature:

    $publicKey = openssl_pkey_get_public("file:..jira_publickey.pem");
    $certificate = openssl_pkey_get_private("file:..jira_privatekey.pem");
    $privateKey = openssl_get_privatekey($certificate);
    $rawSignature = '';

    // Sign the base string with the private key (RSA-SHA1)
    openssl_sign($baseString, $rawSignature, $privateKey, 'sha1WithRSAEncryption');

    // Check the signature against the public key before using it
    $signCheck = openssl_verify($baseString, $rawSignature, $publicKey, OPENSSL_ALGO_SHA1);
    if ($signCheck == 1) {
        return base64_encode($rawSignature);
    } elseif ($signCheck == 0) {
        return 0;
    } else {
        echo "Error" . openssl_error_string();
    }

I used the algorithm sha1WithRSAEncryption but you can also use OPENSSL_ALGO_SHA1. I demonstrated it with openssl_verify.

It's important to Base64-encode your signature.

After that, you create a new array with all these parameters with (!) oauth_signature:

        'oauth_callback' => 'oob',
        'oauth_consumer_key' => yourconsumerkey,
        'oauth_nonce' => same nonce,
        'oauth_signature_method' => 'RSA-SHA1',
        'oauth_timestamp' => 'same timestamp',
        'oauth_version' => '1.0',
        'oauth_signature' => 'yourgeneratedSignature'

Be sure the values are identical to your previous values; if you use another timestamp or nonce, the signature will be invalid.

$timestamp = time();
$nonce = rand(10000, 999999999);

After that, send your parameter to JIRA. My code:

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_URL => 'BASEURL/plugins/servlet/oauth/request-token' . '?' . http_build_query($fullParameter),
        CURLOPT_RETURNTRANSFER => true,
        // Keep certificate and host name verification on so the token exchange cannot be intercepted
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => true,
    ]);
    $result = curl_exec($ch);


$fullParameter should also be an array.

I didn't touch the header or the body and it works fluently.

You should get the oauth_token and oauth_token_secret.

In your web browser, type the URL: BASEURL/plugins/servlet/oauth/authorize?oauth_token=your token.

You will see the JIRA site. If you set a URL in 'oauth_callback', JIRA will send the information back to that link.

This image is also very useful:

OAuth 1.0a Authentication Process

I hope I could help you a bit, question me, if you are not sure :)

Kind Regards
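
The steps in the answer above, as an added example that is not part of the original post: it builds the base string with RFC 5849 sorting and encoding, signs it with RSA-SHA1, then checks it the way the receiving side does, showing that a timestamp regenerated after signing makes the signature invalid. The function names, the `jira.example.com` URL, the consumer key and the throwaway key pair generated in place of the PEM files are assumptions for the demo.

```php
<?php
// Added example: key pair, URL and parameter values are constructed for the demo.
// Builds the OAuth 1.0a signature base string (RFC 5849, section 3.4.1).
function oauthBaseString(string $method, string $url, array $params): string
{
    unset($params['oauth_signature']);   // the signature itself is never signed
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    // Sort by encoded name, then by encoded value, in byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $query = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($query);
}

// RSA-SHA1 signature over the base string, Base64-encoded for transport.
function oauthSign(string $baseString, $privateKey): string
{
    if (!openssl_sign($baseString, $raw, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return base64_encode($raw);
}

// Receiving side: rebuild the base string from the parameters actually sent and verify.
function oauthVerify(string $method, string $url, array $sent, $publicKey): bool
{
    $raw = base64_decode($sent['oauth_signature'] ?? '', true);
    $base = oauthBaseString($method, $url, $sent);
    return $raw !== false && openssl_verify($base, $raw, $publicKey, OPENSSL_ALGO_SHA1) === 1;
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];   // PEM-encoded public key
$url = 'https://jira.example.com/plugins/servlet/oauth/request-token';
$params = [
    'oauth_callback' => 'oob',
    'oauth_consumer_key' => 'example-consumer',
    'oauth_nonce' => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp' => (string) time(),
    'oauth_version' => '1.0',
];
$params['oauth_signature'] = oauthSign(oauthBaseString('POST', $url, $params), $key);
echo 'sent as signed: ', var_export(oauthVerify('POST', $url, $params, $pub), true), PHP_EOL;
$params['oauth_timestamp'] = (string) (time() + 60);   // regenerated after signing
echo 'timestamp regenerated: ', var_export(oauthVerify('POST', $url, $params, $pub), true), PHP_EOL;
```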
