We’re trying to download avatar images for our dashboard add-on. Downloading works fine using basic auth but using Atlassian Connect auth (JWT) we get a 401 response. According to this document
the /secure/useravatar endpoint is listed but “private” API. Does that means it’s not possible to download the avatars? Or are there some other steps needed to download them? Just wanted to check this before further debugging.
Why?
We need to download the avatar images because they are used in off-line reports. So it’s not enough to just have them available inside the Jira UI container.
The private lozenge on that path means that it’s not intended for public use. It exists and it will probably work fine, but it we may change it without the normal deprecation period. The API may be new, or maybe there are doubts about its usefulness, or it may be having a beta period in which it changes in response to developer feedback.
In this case, however, the 401 responses suggest a problem with authentication rather than with the API itself.
Are you able to invoke other APIs? This may tell us whether you are experiencing a general authentication problem or a problem specific to this API.
Thanks for your response. The issue was indeed related to authentication. The Query String Hash for the JWT was incorrectly calculated (only) for requests that were made to the /secure/useravatar endpoint.