Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Getting 403 - Permission Denied through Jira REST API POST request.

Dustin
Dustin February 21, 2018

I'm trying to make a post request to perform a transition (transition issue to Done), but it keeps giving me a 403 error. I don't think this is a permissions error (ironically), as I am able to make GET requests with the same Auth info, and I can make the exact POST request via CURL just fine. What is it about making the POST request through AJAX that causes the 403?

Answer
Watch
Like Be the first to like this
25842 views

1 answer

1 vote
Thomas Deiler
Thomas Deiler
Community Champion
February 21, 2018

Dear @Dustin,

can you please post the JSON errorMessage?

So long

Thomas

View More Comments
Dustin
Dustin February 21, 2018 
{
  "readyState":4,
  "responseText":"XSRF check failed",
  "status":403,
  "statusText":"error" 
}
Like
Dustin
Dustin February 21, 2018

@Thomas Deiler ^^

Like
Thomas Deiler
Thomas Deiler
Community Champion
February 22, 2018

Dear @Dustin,

you have to add headers:

"Content-Type", "application/json"

"accept", "application/json"

"X-Atlassian-Token", "nocheck"

So long

Thomas

Like Harinath T likes this
Dustin
Dustin February 22, 2018

Hey @Thomas Deiler, I tried those headers, still getting same response. According to this article: https://confluence.atlassian.com/cloudkb/xsrf-check-failed-when-calling-cloud-apis-826874382.html, you can't make XSRF protected requests through the browser. Do you think that's the case here?

Like
Thomas Deiler
Thomas Deiler
Community Champion
February 22, 2018

Dear @Dustin,

the article describes exactly the case with the REST Api. They just add the third header and leave the others away. Can you check this?

So long

Thomas

Like
Dustin
Dustin February 22, 2018 
Note that this is only available for requests made by command line tools
or external systems, not browser requests. This is because the
Cross Origin Resource Sharing specification does not allow JavaScript 
loaded in third party websites to set arbitrary request headers.

So this only helps for CURL, not Javascript code? Because it does work with curl. Or am I missing something @Thomas Deiler

Like
Thomas Deiler
Thomas Deiler
Community Champion
February 22, 2018

Dear @Dustin,

this has nothing to do with curl or anything else. Regardless with which library you communicate with the REST API, you have to follow the rules of the API - that's same for all. Otherwise it wouldn't be an API.

So long

Thomas

Like
Thomas Deiler
Thomas Deiler
Community Champion
February 25, 2018

Dear @Dustin,

have you been successful meanwhile?

So long

Thomas

Like
zzw8200465323
zzw8200465323 June 5, 2019

I also encountered the same problem@Thomas Deiler 

Like
zzw8200465323
zzw8200465323 June 5, 2019 
const httpClient = await addon.httpClient({ addon: addon, clientKey: '5d5659b6-09f0-3482-bfa2-0405c4818f1e' }); 
httpClient.del({ url: 'rest/api/3/project/10002', 
headers: { 
'Accept': 'application/json', 
'Content-Type': 'application/json', 
'X-Atlassian-Token': 'nocheck' } }, 
(err, response, body) => 
{ res.send(`body = ${body}`);  });
//403

 @Thomas Deiler  

The same, I can get data using get request

const httpClient = await addon.httpClient({ addon: addon, clientKey: '5d5659b6-09f0-3482-bfa2-0405c4818f1e' }); 
httpClient.get('rest/api/3/mypermissions', function (err, response, body) { res.send(`body = ${body}`); });
//success
Like
Brandon Miller
Brandon Miller
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 14, 2019

Any updates on this one? I'm running into the same thing. I'm able to get my POSTs working v ia Postman, but I'm trying to create a Microsoft Flow connector and it keeps throwing the XSRF check failed error

Like
Thomas Deiler
Thomas Deiler
Community Champion
July 13, 2019

Dear @Brandon Miller  and @zzw8200465323 ,

can you please post the JSON dump that is sent to Jira, that is causing the problems?

So long

Thomas

Like
Like
Like
Thomas Deiler
Thomas Deiler
Community Champion
July 15, 2019

@zzw8200465323 good! With your link information the question seems to be answered. Can you mark it?

Thanks

Thomas

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.