Constant 401 with new token for Basic auth

SeanCharles · March 21, 2024, 1:16pm

Hi,
I created a key, ran it through the instructions:

echo -n myemail:api_key to get a base64 encoded string, a very long one actually, the super short example of ‘fred:fred’ doesn’t really inspire confidence.

My curl request is,

curl -D- \
   -X GET \
   -H "Authorization: Basic $API_KEY" \
   -H "Content-Type: application/json" \
   "https://citation.atlassian.net/rest/api/2/issue/CYB-573"

It’s run from a bash script the API_KEY is the output from the base64 command
When I run it i get 401 and I see no reason for it as I have followed the instructions to generate the Basic value to the letter.

Unauthorized (401)

Encountered a "401 - Unauthorized" error while loading this page.

Go to Jira home

I’ve spent ages trawling 400 odd search results before posting!

Can you help me resolve this, I am wanting to write just a simple app to enumerate issues and pull a release note from each.

Thank you very much,
Sean Charles.

ibuchanan · March 21, 2024, 2:29pm

Welcome to the Atlassian developer community @SeanCharles,

Maybe it’s easier and more reliable to use curl -u $EMAIL:$API_TOKEN rather than separate the base64 encoding?

SeanCharles · March 21, 2024, 3:24pm

I will try that but I was only using the samples provided on your docs pages and I expected it to work that’s all, I will try the suggested approach and report back!

Thanks for quick response though.

Dario_B · March 21, 2024, 4:17pm

Hi @SeanCharles ,

Can you kindly point to the documentation you are following? Based on your provided example there are chances you are following the REST API documentation for Jira OnPrem while you actually have a Jira Cloud site.

Also, just to make sure there’s no misunderstanding caused by the similar names involved here, please notice that API Key and API Token are 2 different things used to authenticate different kinds of REST APIs.

For details please see:

Cheers,
Dario

SeanCharles · March 21, 2024, 4:40pm

I didn’t realise what type of account, I’ve literally been asked to do something, never used the Jira API before and I guess it shows!

I think you may well have spotted my confusion already regarding docs I referred to, I ussed this page

https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-issueidorkey-get

I will reset my brain to know now it’s a Jira Cloud and start again I guess… it’s always the same learning a new API !!

Thanks again.

SeanCharles · March 21, 2024, 4:48pm

https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/

that page is where I got the notion of using base64 etc to generate the value for trhe curl request

It is referenced from

https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#version

which is what I am now reading

Dario_B · March 22, 2024, 10:42am

Hi @SeanCharles ,

That is indeed the right documentation explaining how to authenticate rest api calls using the API Token. Can you kindly let me know if this is now working?

In case it is not, can you try to run send REST API request using Curl and also paste the same REST API endpoint in your browser address bar while already authenticated into your Jira site (https://citation.atlassian.net/rest/api/3/project/search should return the list of all the projects you have access to) and see if you get the same results (remember to replace email@example.com:<api_token> with the correct values)?

curl --request GET --url 'https://citation.atlassian.net/rest/api/3/project/search' --user 'email@example.com:<api_token>' --header 'Accept: application/json'

This way we can check if the problem is with the authorization header or if it is something else.

Cheers,
Dario

SeanCharles · March 22, 2024, 3:34pm

No chance to work on it, might have a weekend warrior thrash, thanks for the prompt help though, I am sure I’ll get it to work at some point!

Thanks again, will let you know either way!
This is a nice forum!!

SeanCharles · March 22, 2024, 5:25pm

OK, I generated a new API token to be sure, copied that and still no data is returned although I am no longer getting the 401 issues so that’s progress.

When using my logged in Jira session, and passting the command, I get the expected data:

{
    "self": "https://citation.atlassian.net/rest/api/3/project/search?maxResults=50&startAt=0",
    "maxResults": 50,
    "startAt": 0,
    "total": 50,
    "isLast": true,
    "values": [
        {
            "expand": "description,lead,issueTypes,url,projectKeys,permissions,insight",
            "self": "https://citation.atlassian.net/rest/api/3/project/12543",
            "id": "12543",
            "key": "A3L",
            "name": "Atlas 3rd Line - Test (UAT)",
            "avatarUrls": {
                "48x48": "https://citation.atlassian.net/rest/api/3/universal_avatar/view/type/project/avatar/13424",
                "24x24": "https://citation.atlassian.net/rest/api/3/universal_avatar/view/type/project/avatar/13424?size=small",
                "16x16": "https://citation.atlassian.net/rest/api/3/universal_avatar/view/type/project/avatar/13424?size=xsmall",
                "32x32": "https://citation.atlassian.net/rest/api/3/universal_avatar/view/type/project/avatar/13424?size=medium"
            },
            "projectTypeKey": "software",
            "simplified": false,
            "style": "classic",
            "isPrivate": false,
            "properties": {}
        },

I then double checked the email address used as my profile, and then used the new API_TOKEN, I enabled verbose mode for curl, it responds 200 OK but still no data! WE ARE CLOSE, I feel it in my bones!

Here is the curl output and the request:

curl \
-vvv          \
--request GET \
--url    'https://citation.atlassian.net/rest/api/3/project/search' \
--user   'sean.charles@citation.co.uk:$API_TOKEN' \
--header 'Accept: application/json'

and the output:

>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 64)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< date: Fri, 22 Mar 2024 17:24:01 GMT
< content-type: application/json;charset=UTF-8
< server: AtlassianEdge
< timing-allow-origin: *
< x-arequestid: 77d190c3491d08641f92c5fca5e70adf
< x-seraph-loginreason: AUTHENTICATED_FAILED
< set-cookie: atlassian.xsrf.token=a20ecab8dd12604d36186174ebe902619c04de22_lout; Path=/; SameSite=None; Secure
< cache-control: no-cache, no-store, no-transform
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< atl-traceid: 83c3b2ab0de043a48505ca045f1ac929
< strict-transport-security: max-age=63072000; includeSubDomains; preload
< report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
< nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
<
* Connection #0 to host citation.atlassian.net left intact
{"self":"https://citation.atlassian.net/rest/api/3/project/search?maxResults=50&startAt=0","maxResults":50,"startAt":0,"total":0,"isLast":true,"values":[]}%

Hope that helps, I feel we are close to resolution!