I'm trying to utilise the JIRA Cloud REST API in an application I'm developing. Recently I've started getting 403 errors. My integration was reliable up until about a week ago, however these error responses have started to become very frequent.
I've followed the documentation for 3LO code grants. Currently, I have:
When trying to authenticate with the JIRA Cloud REST API, everything seems to work as expected.
I begin by redirecting the user to authorise "App" to access data from JIRA via https://accounts.atlassian.com/authorize. I am including the following scope(s) in this request: offline_access read:jira-user read:jira-work to ensure required read access and the ability for token renewal (i.e. offline_access).
On authorisation, I am redirected back to my application and request an access token via https://accounts.atlassian.com/oauth/token (using the provided redirect code). This succeeds, and I now have a valid access_token and refresh_token.
I now issue my first call to JIRA's Cloud REST API: https://api.atlassian.com/oauth/token/accessible-resources. I use the access_token that was previously acquired to fetch my site's cloud_id via this call. This works as expected and I now have my site's cloud_id.
I now try a second call to JIRA's Cloud REST API: https://api.atlassian.com/ex/jira/{MY_CLOUD_ID}/rest/api/3/search. I use the access_token in the same way as before via these request headers:
headers: { 'Authorization': `Bearer { MY_ACCESS_TOKEN }`, 'Accept': 'application/json' }
The response I consistently get back is as follows:
As mentioned, this was working perfectly within the past week or so. Unfortunately, the JIRA documentation doesn't list 403 as a response code for the search method.
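Added example, not part of the original question or of Atlassian's code: a check that can run between the accessible-resources call and the search call described above, comparing the scopes reported for each site with the scopes the question requests before building the Bearer request. The function names, site ids, URLs and token are constructed for illustration, and the example assumes each accessible-resources entry carries a scopes array.

```javascript
// Scopes the question requests for read access (offline_access only affects token renewal).
const REQUIRED_SCOPES = ['read:jira-user', 'read:jira-work'];

// Constructed sample of an accessible-resources response body: one entry per
// site the token can reach, each with the scopes granted on that site.
const sampleResources = [
  { id: '11111111-aaaa-4bbb-8ccc-000000000001', url: 'https://example-one.atlassian.net',
    scopes: ['read:jira-user'] },
  { id: '11111111-aaaa-4bbb-8ccc-000000000002', url: 'https://example-two.atlassian.net',
    scopes: ['read:jira-work', 'read:jira-user'] },
];

// For every site, list which required scopes the token lacks there.
function auditResources(resources, required = REQUIRED_SCOPES) {
  return resources.map((site) => {
    const granted = new Set(site.scopes || []);
    return { id: site.id, url: site.url, missing: required.filter((s) => !granted.has(s)) };
  });
}

// Build the search request for one site. Refuses to proceed when the site is not
// listed, a scope is missing, or the token still looks like an unfilled placeholder.
function buildSearchRequest(resources, siteUrl, accessToken, jql) {
  const site = auditResources(resources).find((s) => s.url === siteUrl);
  if (!site) throw new Error(`token has no access to ${siteUrl}`);
  if (site.missing.length) throw new Error(`missing scopes: ${site.missing.join(', ')}`);
  if (!accessToken || /[{}\s]/.test(accessToken)) {
    throw new Error('access token looks like a placeholder');
  }
  const url = new URL(
    `https://api.atlassian.com/ex/jira/${encodeURIComponent(site.id)}/rest/api/3/search`);
  url.searchParams.set('jql', jql);
  return {
    url: url.toString(),
    headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' },
  };
}

console.log(auditResources(sampleResources));
```

Logging the audit result next to each 403 shows whether the token was granted the expected scopes on the site whose cloud_id is being used.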
Two things ... (1) There was a post earlier this week where someone's search behavior in the cloud changed as well. You may want to look for that post to see how it was resolved (I will look for it in a moment and if I find it, I'll add the link here). He was using "api/3" as are you ... the documentation says "api/3" is in beta. So maybe try with "api/2"?
(2) I don't know if this code will help... it accesses the REST API but the calls I'm making are much different than yours. This is against an on premise version of JIRA (up to date with the latest code). I don't have a cloud instance to test against.
Call for Logging in / Authentication:
Const APIAuthPath = "/rest/auth/1/session"

Sub Call_JIRALogin(pUserName, pPassword)
    Dim JIRASendString As String, JIRASendURL As String
    JIRASendURL = BaseURL1 & APIAuthPath
    ' Build the JSON body {"username":"...","password":"..."}; the values are inserted without escaping
    JIRASendString = " {"
    JIRASendString = JIRASendString & Chr(34) & "username" & Chr(34) & ":" & Chr(34) & pUserName & Chr(34)
    JIRASendString = JIRASendString & ","
    JIRASendString = JIRASendString & Chr(34) & "password" & Chr(34) & ":" & Chr(34) & pPassword & Chr(34)
    JIRASendString = JIRASendString & "}"
    Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
    ' Option 2 with value 13056 tells ServerXMLHTTP to ignore all server certificate errors
    objHTTP.setOption 2, 13056
    With objHTTP
        .Open "POST", JIRASendURL, False
        .setRequestHeader "Content-Type", "application/json"
        .setRequestHeader "Accept", "application/json"
        .send (JIRASendString)
        CResponse1 = .responseText
        ' Takes 32 characters starting at position 42 of the response body as the session id
        cCookie1 = "JSESSIONID=" & Mid(CResponse1, 42, 32) & "; Path=/Jira" '*** Extract the Session-ID
        CStatus1 = .Status
    End With
End Sub
Subsequent Calls:
Sub BBB_SingleIssue_Driver(inIssueId)
    Dim JIRASendURL
    CurrIssue = inIssueId
    JIRASendURL = BaseURL1 & "/rest/api/2/issue/" & CurrIssue
    With objHTTP
        .Open "GET", JIRASendURL, False
        ' Clients send the session in the Cookie request header (Set-Cookie is a response header)
        .setRequestHeader "Cookie", cCookie1 '*** see Create a "Cookie"
        .send
        CResponse1 = .responseText
        CStatus1 = .Status
    End With
    If CStatus1 <> 200 Then
        MsgBox ("Failed to retrieve issue " & CurrIssue & " status code : " & CStatus1)
        GlobalHttpStatus = CStatus1
        GlobalHttpResponse = CResponse1
        GlobalStep = "Retrieve Issue: " & CurrIssue
        GoTo SingleIssueErrOut
    End If
    ' handle a good response
SingleIssueErrOut:
    ' handle an error
End Sub
The solution in the end was to use Basic Authentication via the Authorization header when issuing requests to JIRA's Cloud REST API:
https://CLOUD_ID.atlassian.net/rest/api/3/API_METHOD
Headers:
'Authorization': 'Basic ZGFjcmVAb...',
'Accept': 'application/json'
Basic authentication will be removed in the future according to the API documentation, so this is being treated as a stop-gap solution.