403 Forbidden Error on JIRA rest-API call

I’m making a GET call to get JIRA comments but receiving response 403 error.
Using JavaScript - XHR to make the call.

Following is my code:

ticketno variable inputs dynamic issue number.

Tested the api call with the same Authorization Credentials via POSTMAN, and getting the desired response.

It would be great if anyone can suggest what I’m doing wrong or missing here.


Hello @AnushkaTrivedi

You’ve redacted the whole basic auth header section, so we can’t tell what’s under there.

Can it be assumed you converted the username:token pair into a Base64 string first? (which Postman does automatically)

PS. Please don’t paste screen grabs of code, as they can’t be parsed and indexed. Paste the actual code and mark it as such.

Hey @sunnyape,
Thanks for your reply.

Yes, I converted the username:token into a Base64 string.

Please find the code snippet below:

var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;

    xhr.addEventListener("readystatechange", function () {
        if (this.readyState === 4) {

    xhr.open("GET", "https://<my-domain>.atlassian.net/rest/api/3/issue/" + ticketno + "/comment");
    xhr.setRequestHeader("Accept", "application/json");
    xhr.setRequestHeader("Content-Type", "application/json");
    xhr.setRequestHeader("Authorization", "Basic cnMtZXhzZC1hcGlAc3luZGlnby5jb206MDNvRWJpWHZXR0Smw2Q1NUY3JBMzM1");

Do you have any message with your 403 response ?

Regarding the tools you are using and XHR being a browser object, it may be a CORS issue.

Hi @JonathanPatient,

I’m using CORS unblock for local testing. Triggering the api from http://localhost

Following is received in my console

“Failed to load resource: the server responded with a status of 403 ()”