Authentication for the Personal data reporting API (Oauth2 type)


I am working on the Personal data reporting API, which is required for the Jira App that I created.

  1. I created an OAuth 2.0 (3LO) jira APP. And added the “Personal data reporting API” in the permission portal of the developer console.

  2. The guide for the personal data reporting API ( does not state which credential is required to call the Personal data reporting API (or report-accounts API). It just says “Authentication: OAuth 2.0 authorization code grants”.


I did not provide any credential in the header for the active testing accountId. The request failed with 401.

I wonder if this API needs the access token of this accountId in the request header.
But the guide says each request allows up to 90 accounts to be reported. If a request has a batch of 90 accountIds, what credential is required to authorize the request?


Another screenshot for the failed request with the active testing accountId:

When I provided an access token (but the access token is not associated with testing accountIds), the report-accounts request succeeded. I wonder if this a reasonable behavior.
See the successful request below:

@weizhou from testing, it appears that any bearer token appears to work. That being said, I suggest that you use a bearer token from the user/account that owns the 3LO app (to reduce chance of auth token revocation).

I’ll engage some folks internally about getting the API docs updated with this suggestion. Thanks!

1 Like