
[JIRAALIGN-1462] API v2.0 : Executing any API call over Swagger's EXECUTE button results in 401 errors


    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • 10.73
    • 10.69, 10.70
    • REST API
    • 8
    • Severity 3 - Minor
    • Batman! - SCORP4

      Issue Summary

      API v2.0 : Executing any API call over Swagger's EXECUTE button results in 401 errors

      Steps to Reproduce

      • API 2.0 feature toggle ID 92 must be enabled
      • User's API token must be valid
      1. Log in to Jira Align, then browse to the Swagger UI: https://instance.agilecraft.com/rest/align/api/docs/index.html
      2. At the top of the page, click the Authorize button, then fill in the Value field with your user's API token (it can be obtained from your user's profile page)
      3. Click Authorize, notice the Authorized message, then click Close to dismiss the authorisation dialog box
        Notice that the padlock icons now appear closed (meaning the session has been authorised with the provided token)
      4. Browse to the /align/api/2/Users/whoami call; click on it to expand
      5. Click the Try it out button; notice that the section expands and new buttons show up
      6. As this particular call does not require any parameters, just click the Execute button
      7. Notice that a Loading indicator appears briefly and the results are then shown in the fields underneath.

      Actual Results

      • A 401 Unauthorized error code is returned:
         cf-cache-status: DYNAMIC 
         cf-ray: 58f38865a8ef0a14-GIG 
         cf-request-id: 028c13938500000a14cb976200000001 
         content-security-policy: frame-ancestors 'self'; 
         date: Wed, 06 May 2020 14:53:47 GMT 
         expect-ct: max-age=0, report-uri="https://agilecraft0423.report-uri.com/r/d/ct/reportOnly" 
         referrer-policy: strict-origin-when-cross-origin 
         server: cloudflare 
         status: 401 
         strict-transport-security: max-age=15552000; includeSubDomains; preload 
         www-authenticate: Bearer 
         x-content-type-options: nosniff 
         x-frame-options: SAMEORIGIN 
         x-xss-protection: 1; mode=block 

      Expected Results

      • A 200 OK status code with the following data:
            {
              "id": 9999,
              "uid": "9999",
              "firstName": "John",
              "lastName": "Doe",
              "fullName": "John Doe",
              "email": "jdoe@none.com",
              "userStartDate": "2019-07-25T00:00:00Z",
              "userEndDate": null,
              "isExternal": 0,
              "self": "https://instance.agilecraft.com/rest/align/api/2/users/9999"
            }


      Workaround #1

      1. In Swagger, click the Authorize button (padlock icon) to enter the token. The Available authorizations dialog box will show up.
      2. In the Value field, type in Bearer {token}, then click the Authorize button. Click the Close button.
      3. Note that the padlock icon now shows locked.

      Workaround #2

      • Use UI instead of API

      Workaround #3

      Workaround #4

      When using curl, you should specify the authentication type by adding the word "bearer" before the token. It should look like:

      curl -X GET "https://{URL}/rest/align/api/2/{end point}" -H "accept: */*" -H "Authorization: bearer {api key}"
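
      Workarounds #1 and #4 both come down to sending the Bearer scheme in front of the token. The following is an added example, not part of the original issue or of Jira Align: it builds the header from either a bare token or a "Bearer {token}" value, and recognises the 401 plus www-authenticate: Bearer response shown under Actual Results. The function names are hypothetical and the sample header lines are copied from that section.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Jira Align.

# auth_header VALUE: print an Authorization header that always carries the
# Bearer scheme, whether VALUE is a bare token or already "Bearer <token>".
auth_header() {
    # Trim whitespace picked up when pasting the token.
    ah_value=$(printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    ah_lower=$(printf '%s' "$ah_value" | tr 'A-Z' 'a-z')
    case "$ah_lower" in
        bearer) ah_value= ;;                 # scheme given with no token
        "bearer "*) ah_value=$(printf '%s' "$ah_value" | cut -c8- |
                        sed 's/^[[:space:]]*//') ;;
    esac
    case "$ah_value" in
        ''|*[[:space:]]*)                    # empty, or embedded space/newline
            echo "auth_header: token is empty or contains whitespace" >&2
            return 1 ;;
    esac
    printf 'Authorization: Bearer %s\n' "$ah_value"
}

# is_bearer_challenge < headers: succeed when a response-header dump shows
# status 401 together with a "www-authenticate: Bearer" challenge.
is_bearer_challenge() {
    awk '
        { line = tolower($0); sub(/\r$/, "", line) }
        line ~ /^[ \t]*status:[ \t]*401/ { s = 1 }
        line ~ /^http\/[0-9.]+[ \t]+401/ { s = 1 }
        line ~ /^[ \t]*www-authenticate:[ \t]*bearer/ { b = 1 }
        END { exit !(s && b) }
    '
}

# Sample built from header lines in the Actual Results section above.
SAMPLE_401='server: cloudflare
status: 401
www-authenticate: Bearer'

# Usage against a real instance (placeholders as in the curl line above):
#   curl -sS -D - -o /dev/null -H "$(auth_header "$TOKEN")" \
#        "https://{URL}/rest/align/api/2/Users/whoami" | is_bearer_challenge \
#     && echo "401 Bearer challenge: check the scheme and the token"
```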

            kforeman@atlassian.com Kyle Foreman
            rcortez@atlassian.com Rodrigo Cortez