Issue Summary
API v2.0: Executing any API call over Swagger's EXECUTE button results in 401 errors
Steps to Reproduce
Pre-requisites:
- API 2.0 feature toggle ID 92 must be enabled
- User's API token must be valid
Steps
- Log in to Jira Align, then browse to Swagger UI: https://instance.agilecraft.com/rest/align/api/docs/index.html
- At the very beginning of the page, click on the Authorize button, then fill in the Value field with your user's API Token (it can be obtained from your user's profile page)
- Click Authorize, notice the Authorized message then click Close to quit the authorisation dialog box
Notice the Padlock icons now appear closed (meaning the session has been authorised with the provided token)
- Browse to /align/api/2/Users/whoami call; click on it to expand
- Click on Try it out button; notice the section will expand and new buttons will show up
- As this particular call does not require any parameter, just click on Execute button
- Notice that a Loading indicator appears briefly and the results are then shown in the fields underneath.
Actual Results
- A 401 Unauthorized error code is returned:
cf-cache-status: DYNAMIC
cf-ray: 58f38865a8ef0a14-GIG
cf-request-id: 028c13938500000a14cb976200000001
content-security-policy: frame-ancestors 'self';
date: Wed, 06 May 2020 14:53:47 GMT
expect-ct: max-age=0, report-uri="https://agilecraft0423.report-uri.com/r/d/ct/reportOnly"
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
status: 401
strict-transport-security: max-age=15552000; includeSubDomains; preload
www-authenticate: Bearer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Expected Results
- A 200 OK status code with the following data:
{
  "id": 9999,
  "uid": "9999",
  "firstName": "John",
  "lastName": "Doe",
  "fullName": "John Doe",
  "email": "jdoe@none.com",
  "userStartDate": "2019-07-25T00:00:00Z",
  "userEndDate": null,
  "isExternal": 0,
  (...)
  "self": "https://instance.agilecraft.com/rest/align/api/2/users/9999"
}
Workaround
Workaround #1
- In Swagger, click the Authorize button (padlock icon) to enter the token. The Available authorizations dialog box will appear.
- In the Value field, type Bearer {token}, then click the Authorize button. Click the Close button.
- Note that the padlock icon now shows locked.
Workaround #2
- Use the UI instead of the API
Workaround #3
- Use an API Client capable of working with bearer token – e.g. Postman API Client
Workaround #4
When using curl, specify the authentication type by adding the word "bearer" before the token. It should look like:
curl -X GET "https://{URL}/rest/align/api/2/{end point}" -H "accept: */*" -H "Authorization: bearer {api key}"
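A scripted form of workarounds #1 and #4, as an added example that is not part of the original issue or of Jira Align: it builds the Authorization value with the "Bearer" scheme whether or not the caller included it, and classifies a 401 by its www-authenticate challenge. The function names and result labels are hypothetical, and it assumes, as the workarounds imply, that the 401 comes from the token being sent without the scheme.

```shell
#!/bin/sh
# Added example, not Jira Align code. Function names and labels are hypothetical.

# auth_header VALUE: print "Bearer <token>" for a raw token or for a value that
# already starts with "bearer "; fail on an empty token or one containing
# whitespace or control characters, which would corrupt the header.
auth_header() {
    value=$(printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case $value in
        [Bb][Ee][Aa][Rr][Ee][Rr]) return 1 ;;               # scheme but no token
        [Bb][Ee][Aa][Rr][Ee][Rr]\ *) value=${value#* } ;;   # drop the scheme
    esac
    value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//')
    [ -n "$value" ] || return 1
    clean=$(printf '%s' "$value" | tr -d '[:space:][:cntrl:]')
    [ "$clean" = "$value" ] || return 1
    printf 'Bearer %s' "$value"
}

# classify_response STATUS HEADERS SENT_VALUE: say why a call failed.
# A 401 with a Bearer challenge and no scheme in what was sent is this issue.
classify_response() {
    [ "$1" = 401 ] || { echo ok; return 0; }
    if printf '%s\n' "$2" | grep -iq '^www-authenticate:[[:space:]]*bearer'; then
        case $3 in
            [Bb][Ee][Aa][Rr][Ee][Rr]\ ?*) echo token-rejected ;;
            *) echo missing-scheme ;;
        esac
    else
        echo other-401
    fi
}

# align_get BASE_URL PATH TOKEN: needs network access. The token is passed on
# curl's command line here, so it is visible to other local users via ps.
align_get() {
    hdr=$(auth_header "$3") || { echo "empty or malformed token" >&2; return 2; }
    dump=$(mktemp) || return 2
    code=$(curl -sS -o /dev/null -D "$dump" -w '%{http_code}' \
        -H "accept: */*" -H "Authorization: $hdr" "$1$2")
    classify_response "$code" "$(cat "$dump")" "$hdr"
    rm -f "$dump"
}
```

Call it as `align_get "https://{URL}" "/rest/align/api/2/Users/whoami" "{api key}"`, with the placeholders filled in as in the curl command above.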
resolves
- ALIGNSP-3059
- ALIGNSP-3127
- ALIGNSP-3209
- ALIGNSP-3265
- ALIGNSP-3412
- ALIGNSP-3472