Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Component/s: Documentation, Ecosystem
Labels:
None

Support reference count:
3
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Summary

Many examples on the Jira Core REST API v2 and v3 are setting the header for Bearer authentication: "Authentication: Bearer <api_token>"

This is confusing and often we can see in support tickets or in community threads that customers believe they have to use the API Token (that is supposed to be used for Basic Authentication only) as the <api_token>.

It should be made clear that the header "Authentication: Bearer <api_token>" is intended to be used for Oauth only.

Steps to Reproduce

Go to https://developer.atlassian.com/cloud/jira/platform/rest/v3
Search for an example related to any endpoint you may want to use, e.g. GET issue

Expected Results

The example should either not include authorization headers like the below one or show how to autenticate the requests in curl:

curl --request GET \
  --url 'https://CLOUD_INSTANCE/rest/api/3/issue/{issueIdOrKey}' \
  --header 'Accept: application/json'

OR:

curl -u <EMAIL_ADDRESS>:<API_TOKEN> \
  -H 'Accept: application/json' \
  -X GET 'https://CLOUD_INSTANCE/rest/api/3/issue/{issueIdOrKey}'

Actual Results

The example is setting the header for Bearer Authentication followed by the <access_token> that many customers are confusing with the API Token

curl --request GET \
  --url '/rest/api/2/issue/createmeta' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: application/json'

Workaround

Use the below format to authenticate REST API calls with Curl depending on the kind of authentication:

Basic Authentication

curl -u <EMAIL_ADDRESS>:<API_TOKEN> ... [followed by the headers, method, body (if any) and url]

curl --header "Authorization: Basic XXXXXXXX" ... [followed by the other headers, method, body (if any) and url]

Where XXXXXXXX is the string <EMAIL_ADDRESS>:<API_TOKEN> encoded in base64. For more details please review: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-basic-authentication/

Oauth:
```
curl --header "Authorization: Bearer XXXXXXXX" ... [followed by the other headers, method, body (if any) and url] 
```
Where XXXXXXXX is the access token obtained as explained in: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Screen Shot 2019-07-09 at 3.17.36 pm.png
118 kB
09/Jul/2019 7:02 AM

Issue Links

is resolved by: CRANE-2242 Loading...

mentioned in: Page Loading...

Activity

People

Assignee:: Robert Massaioli (Atlassian)

Reporter:: Dario B

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 03/Jul/2019 2:55 PM

Updated:: 18/Sep/2023 2:05 PM

Resolved:: 22/Aug/2019 8:11 AM