I am trying to search issues within a certain project called Ped Match with a key of MATCH. By using the Advanced Search in the Jira dashboard, I am able to successfully retrieve issues with the following jql strings (Searching for issues):
project = "Ped Match"project = MATCH
Unfortunately, when attempting to retrieve issues from the same project through Jira’s search API, I get a response like so: "errorMessages":["The value 'MATCH' does not exist for the field 'project'."]. Jira REST API doc for reference. Below is the curl command I am using:
curl command
curl -H "cookie: JSESSIONID=123" -H "Content-Type: application/json" -d '{
"startAt": 0,
"fields": [
"project"
],
"jql": "project=MATCH"
}' https://my.atlassian.domain/rest/api/2/search/
Other projects are recognized using the same curl command but with different keys.
Questions
- Could there be some restriction for the MATCH project that would prevent the issues from returning?
- If not number 1, then what would cause MATCH to have issues, but not other projects?
Hi, @cameron.crouch.
With the assumption that this is for a cloud deployment, kindly check if the user in the curl command has the Browse Project permission for “Ped Match” project. To rule out any Browse Project permission cause, grant the group “Anyone” permission and try it again; if you still cannot get a positive result, then it may not be a Browse Project permission concern.
Cheers,
Ian
1 Like
Hey Ian,
Thanks for your response, and apologies for my late response. My project administrator set me up to browse the project. I am able to access the project through the API via Chrome after logging into my Jira account. Unfortunately, I still cannot use a curl command to view the JSON. I still receive the same error message as described above.
The message is the same one I receive in the Jira Dashboard when trying to search issues through the Advanced search (for projects that I do not have browse permissions for). It is a misleading message because there really is a “value of ‘MATCH’ that exists for the field ‘project’”, Jira is just telling me there is not because I do not have the rights to view it (right?).
Thanks,
Cameron
P.S. This is what my administrator saw after updating browse permissions for MATCH
Hi @cameron.crouch,
API error messages can often be confusing, because from a security perspective, the reason for sending a “not found” (404) or “bad request” (400) instead of an"access denied" (403) is to not give away information during a potential attack.
Can you make any other API calls successfully via curl with your injected cookie? Just wondering if your cookie in the curl request is actually working. (try and rule that out)
Take care,
Neil
Hey Neil,
Thank you for that insight. I had not considered the security aspect. Other endpoints seem to work fine (e.g. /priority, /project, /resolution) with my cookie.
Thanks,
Cameron
Perhaps one more round of deduction. Can you make the API call using your admin’s account to see whether or not you get the same error?
