When I make requests using the OAuth based rest endpoint the integration works perfectly for most issues, but others, specifically Risks return a 404.
The same requests using my API Token work fine.
I have given myself every single scope and still no luck.
Any ideas?
Hello @SteveWinter
For anyone to be able to help, you’ll need to supply significantly more information regarding the circumstances such as the specific API endpoint, the request method, what language / toolset / libraries are being used, what documentation is being referenced, what tests have been done etc etc.
Please refer to the How to ask a good question thread for a starting point.
Apologies you are correct, I somewhat naively hoped this would be obvious to the experts!
| Authentication Method | Issue Type | Outcome |
|---|---|---|
| OAuth | Issue | Success |
| OAuth | Risk | 404 |
| API Token | Issue | Success |
| API Token | Risk | Success |
I have given the OAuth account every Jira Classic Scope, so my assumption is it is not a scope issue.
ISSUE - both work correctly
curl --request GET \
--url 'https://api.atlassian.com/ex/jira/[REMOVED]/rest/api/3/issue/ISSUE-123' \
-H 'accept: application/json' \
-H 'authorization: Bearer ACCESS_TOKEN' \
curl --request GET \
--url 'https://REMOVED.atlassian.net/rest/api/3/issue/ISSUE-123' \
--user 'USERNAME:API_TOKEN' \
-H 'Accept: application/json'
Risk OAuth Access
RISK Request
curl --request GET \
--url 'https://api.atlassian.com/ex/jira/[REMOVED]/rest/api/3/issue/RISK-123' \
-H 'accept: application/json' \
-H 'authorization: Bearer ACCESS_TOKEN' \
Response 404
{"errorMessages":["Issue does not exist or you do not have permission to see it."],"errors":{}}%
Risk API Token Access
curl --request GET \
--url 'https://REMOVED.atlassian.net/rest/api/3/issue/RISK-123' \
--user 'USERNAME:API_TOKEN' \
-H 'Accept: application/json'
Response 200 + expected JSON
Hmmm. If you’ve allocated the Classic scope of read:jira-work to the OAuth session, then that’s all that’s needed. I’d be inclined to think it’s not a scope problem either, but an Issue permission problem… the user account associated with those OAuth credentials can’t access that Issue type in that Project.
Given that there is no default Issue type of Risk in Jira Cloud, it is a custom type that someone has created and put in screen and permission schemes per Project, so I’d be included to investigate there first.
Does the OAuth problem happen:
It might be something as simple as not noticing that the Basic credentials belong to a different user than the OAuth credentials.
Thanks. I will try some variations of issue types. The OAuth credential and the API Token credential are both attached to my account.
I got to the bottom of this, so sharing in case anyone else gets into this situation.
When you use the OAuth 3LO you create a path: https://api.atlassian.com/ex/jira/{cloudid}/{api}
I was using my Sandbox CloudID, not my main CloudID. This resulted in the inconsistent experience.
The issue was my own. When using the 3LO flow you set a cloudID. https://api.atlassian.com/ex/jira/{cloudid}/{api}
I was using the Sandbox cloudId, not the main one, which was giving the inconsistent experience.
Ahh, it’s always the little things late on Friday night eh?