"devinfo" REST API Authentication


We are trying to migrate into Jira Cloud and, as part of this, I need to build an integration to push Commit information from our on-premise source control to Jira Cloud.

To do this, I have tried to follow the instructions to create an OAuth token Integrating Jira Software Cloud with on-premises tools

So I’ve gone to “Settings > Apps > Manage Apps > OAuth credentials” and created an id / secret.

Now I’m sending:

POST https://api.atlassian.com/oauth/token
    "audience": "api.atlassian.com", 
    "client_id": "...",
    "client_secret": "..."

This is successfully returning a token.

    "access_token": "...",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "manage:jira-data-provider"

I am now trying to call the “/rest/devinfo/0.10/bulk” endpoint https://developer.atlassian.com/cloud/jira/software/rest/api-group-development-information/#api-group-development-information

My request (which is somewhat made up to test that it works) looks like:

POST https://<oursite>.atlassian.net/rest/devinfo/0.10/bulk
  "repositories": [
      "id": "AZDO",
      "name": "Azure DevOps",
      "url": "...",
      "updateSequenceId": 638399974784049370,
      "commits": [
          "id": "92117",
          "displayId": "92117",
          "url": ".../_VersionControl/changeset/92117",
          "issueKeys": [
          "message": "SROAD-10: Fix compiler error",
          "author": {
            "email": "..."
          "fileCount": 1,
          "authorTimestamp": "2024-01-04T20:37:58",
          "updateSequenceId": 638399974784929813

Headers are:

  • Authorization : Bearer <token>
  • Accept : application/json
  • Content-Type : application/json

When I do this, I just get back:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <message>Client must be authenticated to access this resource.</message>

(note also so not sure why it returned XML…)

I am unsure how I can diagnose why it isn’t working or how I would fix it.

Any help would be greatly appreciated!


Note I just noticed that the “downloadable API description” has a different URL:
“/jira/devinfo/0.1/cloud/{cloudId}/bulk” but that doesn’t work either :grinning:

Just returns a html page saying I’ve gone to a broken link.

And just to prove to myself I’m not going mad, I tried passing dodgy client ids / client secrets and it definitely complains.

And I tried building another set of OAuth credentials but it gives the same result.

And I tried granting all the scopes and it didn’t make any difference.

Welcome to the Atlassian developer community @ChrisSmith,

On quick review of what you’ve provided, you have constructed the URL of your REST API request incorrectly. POST https://${SITENAME}.atlassian.net/rest/devinfo/0.10/bulk should be POST https://api.atlassian.com/jira/devinfo/0.1/cloud/${CLOUD_ID}/bulk.

To explain any further, I have to apologize for the state of documentation regarding all of these docs. I was not aware of the page you linked and it is incomplete regarding URL construction (I have also written a bug report). The parallel page in our developer docs should be used instead. Or, if you want to focus on getting working code, here’s a step-by-step getting started.

Hi Ian,

Thanks for getting back to me so quickly!

Re the parallel page, I think that just takes me back to the pages I linked to with the incorrect URLs? The getting started definitely seems to align with what you mentioned tho.

OK - after quite a few mistakes I was able to get a new error message :slightly_smiling_face:

    "errorMessages": [
            "message": "The request failed: {\"errorMessages\":[{\"message\":\"'authorTimestamp' is not a valid timestamp. Must be an ISO8601 / RFC3339 format.\"}]}"

Which suggests I’ve at least authenticated ok and have vaguely the right URL.

I’ll fiddle around with the date format and see how I go.

Thanks for your help!


Ok and just to close this out, once I fixed up the date format it started working like a charm!

One thing that is slightly confusing is that I created two separate sets of OAuth credentials and they seem to have completely independent lists of repositories, commits etc… Eg I was able to register the same repository with both credentials and independently add commits etc to both with the same ids etc. Deleting one only cleared the stuff added on those credentials.

I guess it makes sense given the security goal of not allowing an integration to see anything in the target system but it was quite confusing when I mixed up the tokens :slightly_smiling_face:

Anyway - might be worth a note in the guide.

Thanks again for your help Ian!


1 Like