OAuth2 REST API calls to a wrong endpoint return 401 instead of 404

    • Severity 3 - Minor

      Issue Summary

      When a REST API request authenticated using OAuth2 (3LO) is sent to a misspelled/wrong REST API endpoint, status code 401 (Unauthorized) is returned instead of 404 (Not Found).

      This is misleading, since customers think the authentication is broken instead of checking whether the endpoint they are using is correct.

      Steps to Reproduce

      1. Send a REST API call to the https://api.atlassian.com/ex/confluence/[CLOUD-ID]/wiki/rest/api/group?... endpoint.
      2. See that the request is successful.
      3. Now add an extra 's' to the endpoint so that it is "groups" instead of "group": https://api.atlassian.com/ex/confluence/[CLOUD-ID]/wiki/rest/api/groups?....

      Expected Results

      Since the endpoint is wrong/misspelled, we expect to get 404 - Not found

      Actual Results

      Status code 401 - Unauthorized is returned instead

      Workaround

      No workaround available at the moment.

              Assignee:
              Unassigned
              Reporter:
              Dario B
              Votes:
              0
              Watchers:
              2
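
A client-side check for telling the two causes of a 401 apart under the behaviour reported above, as an added example that is not part of the original ticket and does not change what the API returns. The `send` callable, the result labels and the fake gateway are hypothetical and constructed for illustration; only the `group`/`groups` paths come from the ticket.

```python
from typing import Callable

# Endpoint the ticket reports as succeeding with a valid OAuth2 (3LO) token.
KNOWN_GOOD_PATH = "/wiki/rest/api/group"


def triage_401(send: Callable[[str], int], path: str,
               known_good: str = KNOWN_GOOD_PATH) -> str:
    """Classify the response for `path` given the behaviour in this ticket.

    `send` is a hypothetical helper: it performs an authenticated GET for a
    path relative to https://api.atlassian.com/ex/confluence/[CLOUD-ID]
    and returns the HTTP status code.
    """
    status = send(path)
    if status != 401:
        return f"status-{status}"
    # A 401 is ambiguous here, so probe an endpoint known to exist with the
    # same token before concluding that authentication is broken.
    probe = send(known_good)
    if probe == 401:
        return "auth-problem"          # token rejected on a valid endpoint too
    if 200 <= probe < 300:
        return "check-endpoint-path"   # token works; the path is likely wrong
    return f"inconclusive-probe-{probe}"


def make_fake_gateway(token_valid: bool) -> Callable[[str], int]:
    """Constructed stand-in for the API that mimics the reported behaviour."""
    existing = {"/wiki/rest/api/group"}

    def send(path: str) -> int:
        route = path.split("?", 1)[0]
        if not token_valid:
            return 401
        # Reported behaviour: unknown routes answer 401 rather than 404.
        return 200 if route in existing else 401

    return send


if __name__ == "__main__":
    good = make_fake_gateway(token_valid=True)
    bad = make_fake_gateway(token_valid=False)
    print(triage_401(good, "/wiki/rest/api/groups"))  # misspelled path
    print(triage_401(bad, "/wiki/rest/api/group"))    # rejected token
```

Running this check before any automatic token refresh keeps a client from re-authenticating over what is only a wrong path.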
