Clarification on /rest/api/3/serverInfo authentication and reliable way to determine Jira deployment type

Jira Development Jira Cloud
, , ,
1

Hi Community,

We are implementing OAuth 2.0 for our Jira Connector (Smartsheet) and need a reliable way to determine the Jira deployment type (Cloud vs Data Center) when only the hostUrl is available.

  • Initial approach: We checked if the hostUrl contained atlassian.net to detect Cloud.

  • Issue: Jira Cloud can also run on custom domains, so this check isn’t reliable.

  • Current approach: We are using GET /rest/api/3/serverInfo as it provides deployment information.

In our testing across multiple Jira Cloud instances, this endpoint responded successfully without requiring authentication. However, the documentation mentions it may return 401 Unauthorized.

We would like clarification on the following:

  1. Is /rest/api/3/serverInfo considered a public unauthenticated API for Jira Cloud?

  2. Under what conditions would it return 401 Unauthorized?

  3. Is there an alternative or recommended way to reliably determine deployment type given only a Jira hostUrl?

This will help us handle edge cases more effectively in our integration

2

Hello @AnubhavAgrawal

However, the documentation mentions it may return 401 Unauthorized.

As per the previous time you raised this same question a few weeks ago, if you refer to the documentation you will see that every single GET endpoint in the entire API set has the functionality to provide a standard 401 Unauthorised response. A 401 Unauthorised response will be returned ONLY IF authorisation is attempted AND that authorisation is invalid for that endpoint’s requirements.

Therefore:

  1. If no / invalid authorisation is provided on an endpoint that requires authorisation, then you will get a 401 Unauthorised response.
  2. If no authorisation is provided on an endpoint that accepts anonymous requests by default, then you will not get a 401 Unauthorised response.

So, as long as you don’t ever attempt to use authentication on the Get Jira instance info endpoint, you will never get a401 Unauthorised response.

1 Like