Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-81851

Misleading error message when authenticating REST API calls with API Key instead of API Token

XMLWordPrintable

      Issue Summary

      If you mistakenly use the API key (used to manage your organization via the Cloud Admin APIs) to authenticate calls against Jira Cloud REST API endpoints, you get below error message in return:

      Basic authentication with passwords is deprecated. For more information, see: https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html

      Having a bit more generic/useful error message would be better.

      Something like:

      Authentication failed. Make sure you are using the email address and API Token (not API Key) to authenticate. For more details see: https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html

       

      Also, the link returned should explicitly mention the differences between API key and API Token.

       

      Steps to Reproduce

      1. Try to authenticate any Jira REST API call using an API key instead of an API Token 

      Expected Results

      A generic error message saying the authentication failed is returned 

      Actual Results

      A very specific error message about basic authentication with password being deprecated is returned:

      Basic authentication with passwords is deprecated. For more information, see: https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html

      Workaround

      No workaround.

          Form Name

            [JRACLOUD-81851] Misleading error message when authenticating REST API calls with API Key instead of API Token

            Anusha Rutnam added a comment -
            Atlassian Update - February 2024

            As I did not receive any responses to this comment I am closing this ticket.

            If you do not think this issue should have been closed, please add a comment here saying why and we can reopen it.

            Anusha Rutnam added a comment - Atlassian Update - February 2024 As I did not receive any responses to this comment I am closing this ticket. If you do not think this issue should have been closed, please add a comment here saying why and we can reopen it.

            Anusha Rutnam added a comment -

            Do the watchers of this ticket still experience this issue? I am not able to reproduce it but we did notice a new issue which is tracked in the following bug: JRACLOUD-82932 – Misleading 200 status code when using incorrect credentials in REST API calls

            Anusha Rutnam added a comment - Do the watchers of this ticket still experience this issue? I am not able to reproduce it but we did notice a new issue which is tracked in the following bug: JRACLOUD-82932 – Misleading 200 status code when using incorrect credentials in REST API calls

            Teodor Hoza added a comment -

            Hi, usually when this deprecation error occurs you are not using the e-mail address as username. 
            To me it happened when I tried using it as firstname.lastname
            Then I changed the user name to firstname.lastname@mydomain.com and it worked.

            Teodor Hoza added a comment - Hi, usually when this deprecation error occurs you are not using the e-mail address as username.  To me it happened when I tried using it as firstname.lastname Then I changed the user name to firstname.lastname@mydomain.com and it worked.

              Unassigned Unassigned
              dbonotto Dario B
              Affected customers:
              1 This affects my team
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: