Creating Jira Issues: OAuth Access Token VS API Key

Hey all,

I have oauth enabled for my app and I am trying to create a Jira issue with the REST API.

Using the access_token did not work for me (, and the only thing that worked was creating an API key and using that to make the request.

I want to use my access token, not an API key. When I try to use my access token, it simply tells me “Internal server error” and nothing else. Every field works fine if I use the API key, but not the access_token I generated.

How should I handle this at scale?

How can I allow a user to sign in with Jira, and then create issues without having to create or paste an API key? Or is that the way I should allow my users to integrate with Jira, by enabling a way for them to paste their API key?

Any advice would be helpful. I’m trying to achieve the best possible user experience.

Hi @GeorgePortillo,

Welcome to the developer community! So, if you’ve got an OAuth2 app, I’d take a look at this doc in respect to making an API call on behalf of a user:

I took a glance at your other community post, and it seems like you’re still trying to use Basic auth in the header; however, in the case of user impersonation, you need to set the authorization headers to use Bearer.

GET /rest/api/latest/myself HTTP/1.1
Host: {your-registered-instance}
Accept: application/json
Authorization: Bearer {your-access-token}

This is the way I am exchanging the authorization code for the token:

And I already have the access_token from my oauth implementation which is this link:<CLIENT_ID>&scope=read:me%20read:account%20write:jira-work&redirect_uri=http://localhost:8787/auth/callback/atlassian&response_type=code&prompt=consent`}

Is this not accurate?

If you’re getting an access_token back, then indeed! You’re on the right track. Looking at your community post, I believe you said that you could get a create issue (POST) request to work perfectly fine in Postman with basic auth (with your personal API token), but with the exact same request, with authorization set with Bearer token, you’re getting an internal server error. Is that right? Just want to make sure I’m not conflating your code attempt at making the request with the Postman request.

That is correct!

I was able to create an issue with my personal API Key, but I was not able to do so with my bearer token.

When I try to use the access token via Bearer:

It returns this:

data {
  message: 'Client must be authenticated to access this resource.',
  'status-code': 401

It looks like I haven’t been the only one with this issue, albeit quite an old thread:

We were able to figure it out:

Use to request the cloudId and use the bearer token on<cloudId>/rest/api/3/issue to make the request.

Thank you for the help!