Assets API returning 401 for all requests

ray_rarey · September 14, 2025, 12:05am

Recently noticed that Connect JWT Bearer Token auth calls to Assets API endpoints such as
https://api.atlassian.com/jsm/assets/workspace/{workspaceId}/v1/objectschema/list

Are returning a 401: Unauthorized response despite the impersonated user having the appropriate JSM license and permissions to call this API. This is happening for multiple test instances with different workspace IDs. I don’t see anything from Atlassian about the authentication requirements for these endpoints changing.

anon96974232 · September 14, 2025, 11:26pm

Hello @ray_rarey

In your example request URL, it starts with ‘https://api.atlassian.com’ but you said you are making the request from a Connect app and using a JWT token.

In that scenario, shouldn’t the path start with the JSM site name?

https://{JSMSiteName}/jsm/assets/workspace/{workspaceId}/v1/objectschema/list

ray_rarey · September 15, 2025, 1:26am

Hi @anon96974232,

We had considered this because the documentation is a little vague. Although calls to the endpoints I mentioned in my first post had previously been working properly. In the interest of being thorough, we did test with the {JSMSiteName} base instead of the api.atlassian.com base, but those calls return a 404 instead of a 401.

anon96974232 · September 15, 2025, 2:38am

OK.

I’m using the https://api.atlassian.com base path for my requests, but I’m using OAuth and haven’t noticed any changes to access permissions.

I don’t use Connect + JWT or Basic Auth any more, so can’t comment any further on changes that would affect a single user’s permissions to that endpoint.

t-bundt · September 15, 2025, 1:15pm

You can use https://{JSMSiteName}.atlassian.net/gateway/api/jsm/assets/workspace/{workspaceId}/v1 to access assets from a Connect app using JWT. Just checked it again and it’s still working.

LaisZagattiPedro · September 15, 2025, 3:50pm

We are having the same problem. The issue started on Friday, Sept 12th. Things were fine before that. The URL you sent doesn’t work for us.

I have a ticket opened with support but it has not been solved. All JSM endpoints are returning 401 - Unauthorized at the moment.

ray_rarey · September 15, 2025, 4:19pm

@LaisZagattiPedro , thank you for posting this! I was starting to think I was going crazy. Please let us know if Atlassian resolves the issue for you.

LaisZagattiPedro · September 17, 2025, 1:50pm

@ray_rarey API seems to be working now!

ray_rarey · September 17, 2025, 1:52pm

@LaisZagattiPedro I was just coming here to say the same thing! Not sure what happened but everything looks good from our end now as well.