Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA REST API - 401 Unauthorised - for administrator level user

OharaSi
OharaSi March 5, 2013

I've been trying for days to use the REST api via basic http auth using curl (this is just the first step toward using the api in an app!) but keep getting a 401 response. I've looked everywhere throughout the configuration settings, user preferences etc and can find anything else to change. What am I doing wrong?

Mode: Private

Accept remote API calls: ON

example curl:

$ curl -D- -u uname:pword -X GET -H "Content-Type: application/json" https://myjira.atlassian.net/jira/rest/api/2/project

From the documentation I can find this is all I should need and should be providing me with JSON data but I get 401. Is there a setting somewhere (undocumented) that will allow my user account to access the data from this on-demand instance?

Answer
Watch
Like # people like this
5695 views

7 answers

1 accepted

1 vote
Answer accepted
OharaSi
OharaSi October 23, 2013

I found that (after a lot of research and frustration with the documentation) the issue was I was trying to interface with the JIRA restful API - which wasnt what I needed in the end! Instead I needed to be interfacing the GreenHopper restful API. This resolved all of my issues. Heres a few examples that might help:

List of Sprints from RapidView Board

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/sprints/<rapid_board_id>"

Long Sprint Summary

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/rapid/charts/sprintreport?rapidViewId=<rapid_board_id>&sprintId=<sprint_id>"

Short Sprint Summary for points

curl -D- -u username:password -X GET -H "Content-Type: application/json" "https://myjira.atlassian.net/rest/greenhopper/1.0/sprint/complete/model?rapidViewId=<rapid_board_id>&sprintId=<sprint_id>"

There are a number of others. Once I realised that the front-end UI of JIRA OnDemand was using the restful APIs I was after I payed special attention to the url as I browsed around my account and was able to use most of them in the application I built.

The documentation doesnt really reference GreenHopper anymore - Im wondering if they are absorbing it into the core?

Hope that helps!

Reply
1 vote
Joakim Söderberg
Joakim Söderberg February 6, 2017

Note that if you are logging in via a sync Google account, it is NOT the google password you are supposed to use. Also it is not the email.

Instead you should go to your user profile and look up your username and set a password.

https://confluence.atlassian.com/cloud/manage-your-profile-and-password-744721602.html

For site admin functions, RSS feeds, REST API access, or WebDAV uploads you'll need to have an Atlassian Cloud password (separate to your Google Apps password. If you haven't set an Atlassian Cloud password, go to the login page and choose Unable to access your account? in the Atlassian Cloud login section.

Of course it makes no sense that this information is not available on the REST API documentation page, since it is quite crucial to get it working.

Reply
0 votes
Deleted user October 17, 2013

We are experiencing the same issue here. I was wondering if Michael's response fixed your issue, OharaSi, or if you found a different resolution. Thanks!

View More Comments
OharaSi
OharaSi October 23, 2013

Hey Leslie - I've posted my answer - which is how I resolved it in the end.

Like
Reply
0 votes
Deleted user June 17, 2013

This might a little late, but if you're still having this problem can you show what the actual details that come back are? Is it a 'Forbidden' html page? Also, when you successfully login through the browser is it allowing normal login or do you need to solve a captcha?

Reply
0 votes
Michael Knight
Michael Knight
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2013

The URL is a little bit off. You don't need the /jira part, so it should be

https://<example>.atlassian.net/rest/api/2/project

Otherwise it looks like it should work.

View More Comments
OharaSi
OharaSi March 5, 2013

Thanks for your answer Michael, however I get the same response. Its got to be some configuration setting for my user account - we haven't set up a consumer key for OAuth yet - but assumed the basic auth for http wouldnt need it. Also, the documentation at http://docs.atlassian.com/jira/REST/latest/ uses the /jira in all of the examples at the bottom.

Here is the headers from the response using the command $ curl -D- -u uname:pword -X GET -H "Content-Type: application/json"https://myjira.atlassian.net/rest/api/2/project

HTTP/1.1 401 Unauthorized

Server: nginx

Date: Wed, 06 Mar 2013 08:58:57 GMT

Content-Type: text/html;charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-AREQUESTID: 538x238122x1

Set-Cookie: JSESSIONID=D02A638EE72BA51844F7B104D6AD3C54; Path=/; HttpOnly

Set-Cookie: studio.crowd.tokenkey=""; Domain=.myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

X-Seraph-LoginReason: OUT

Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

X-Seraph-LoginReason: AUTHENTICATED_FAILED

Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

Set-Cookie: studio.crowd.tokenkey=""; Domain=. myjira.atlassian.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly

X-Seraph-LoginReason: AUTHENTICATED_FAILED

WWW-Authenticate: OAuth realm="https%3A%2F%2Fmyjira.atlassian.net"

X-Content-Type-Options: nosniff

Vary: Accept-Encoding

---------------

The problem seems to be with the user account I'm using so will try with others. I also noted in the header response that there is an empty value for the studio.crowd.tokenkey in the cookie that is delivered (4 times for some reason).

Like
Michael Knight
Michael Knight
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 6, 2013

Do you happen to use Google Apps authentication with your OnDemand instance? If so, you will need to use your OnDemand password (not your Google Apps password) to authenticate.

OnDemand will have prompted you to set an OnDemand password when you first logged in with Google Apps. If you have forgotten it, you can have an administrator set a password for you.

Like
Hans Pikkemaat
Hans Pikkemaat June 15, 2017

If I remember correctly, if you get the header

X-Seraph-LoginReason: AUTHENTICATED_FAILED

This means you activate a protection system because of too many failed logins.

If this happens you would get a captcha in the web interface. But the REST api clearly cannot support this.

Like
Reply
0 votes
OharaSi
OharaSi March 5, 2013

I can also successfully log in with uname:pword through the browser.

Reply
0 votes
OharaSi
OharaSi March 5, 2013

Just for Atlassians reference - it would be handy if the online support were a little more user friendly - this example from github is straight to the point, sets expectation and walks you through the process easily: https://help.github.com/articles/generating-ssh-keys

Also left this as feedback through ondemand

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.