Empty list when getting info using Basic Auth with "customer account"

Hello, experts:

I wrote this in the community forum, then I realized that there is a developer forum. Sorry ^^U

I’m making a web page that needs to load some info from Jira Cloud. The Web is in .NET Core.

When I try with my user, I can get the info OK. But if I connect with a “customer account” (also called JSM Customer from support mails), I get a 200 response, but no info at all.

I tried with Postman, adding the encoded API Token as a Basic header, created using these two tutorials:
https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/

But the JSON is like:

{ "startAt": 0, "maxResults": 50, "total": 0, "issues": [] }

So, reading this post:

I opened Git Bash and wrote this command:

curl -u "example@mail.com:*******API-Token*******" -D- -X GET "https://myname.atlassian.net/rest/api/3/search?fields=project,summary,reporter,issuetype,created,status&maxResults=1000" > log.txt

I got this on the console:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    52    0    52    0     0     52      0 --:--:--  0:00:01 --:--:--    38

It looks like it got 52 bytes of data, but in the log.txt I have this:


HTTP/2 200
server: AtlassianProxy/1.19.3.1
vary: Accept-Encoding
cache-control: no-cache, no-store, no-transform
content-type: application/json;charset=UTF-8
strict-transport-security: max-age=315360000; includeSubDomains; preload
date: Mon, 25 Apr 2022 10:00:11 GMT
atl-traceid: bf86ea0d3d57dc6e
x-arequestid: 48449dc3-bb81-4dc7-a2c5-fb0223c3ad55
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-envoy-upstream-service-time: 106
x-content-type-options: nosniff
set-cookie: atlassian.xsrf.token=B0OF-PAG0-T8HT-7XKW_513934a8be0d5fbe05371533d41f0ff35d7cd6f1_lout; path=/; SameSite=None; Secure
expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400

{"startAt":0,"maxResults":100,"total":0,"issues":[]}

So, again, no info at all. The 52 bytes of data are the 52 characters on the last line.

What am I doing wrong?

NOTE: At first, I tried with OAUTH2, but “JSM Customers” can’t log in with this method yet.

@CarlosALpezOrtn,

I see from your curl command that you were trying to search for issues using JQL using GET /rest/api/3/search from the Jira Platform REST API. Because of the way customers are licensed in Jira, the empty results are expected. To explore using the user interface, try to log in to see issues with customer credentials. Only licensed agents can see “inside” Jira.

What customers can see is available through the customer portal, so you should be able to use customer credentials against the JSM REST API to get customer requests.

Thanks for the fast reply, much appreciated!

So, if I’m reading it right, I was using the wrong API, wasn’t I?
Ok, I’m reading from
https://developer.atlassian.com/cloud/jira/service-desk/rest/intro/

So, to test things going right, I tried this curl instead:

curl -u "example@mail.com:*******API-Token*******" -D- -X GET "https://myname.atlassian.net/rest/servicedeskapi/request" > log.txt

So, I got a 401 code instead:

HTTP/2 401 
server: AtlassianProxy/1.19.3.1
vary: Accept
www-authenticate: OAuth realm="https%3A%2F%2Fmyname.atlassian.net"
cache-control: no-transform
content-type: application/xml;charset=UTF-8
strict-transport-security: max-age=315360000; includeSubDomains; preload
date: Mon, 25 Apr 2022 12:17:37 GMT
atl-traceid: 5fda515eb512708a
x-arequestid: eae09cdb-ef8a-4c29-96ee-e0e17906bce0
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-envoy-upstream-service-time: 42
x-content-type-options: nosniff
set-cookie: atlassian.xsrf.token=B0OF-PAG0-T8HT-7XKW_a2edf9f848c40288e1d48d4a3e95ef04ebc68279_lout; path=/; SameSite=None; Secure
set-cookie: jsd.portal.language.anonymous=es-ES; Expires=Mon, 25-Apr-2022 12:18:37 GMT; Path=/
expect-ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/global-proxy", enforce, max-age=86400

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>

Same result in Postman.

I was looking for how to authenticate the customer, but the API info took me to the same authentication pages as the Jira Platform REST API. So, for Basic Auth, the curl should work, shouldn’t it?
I thought that maybe only OAuth2 should work, so I enabled OAuth2 authentication again on my page, but when I put the customer’s user and password in the “Log in with Atlassian account” page, it told me that this user has no Jira page, just the same as before trying with Basic Auth.

For the record, this new curl works for my user, but not for my “customer account”.

Thanks again, and sorry for the inconvenience.

@CarlosALpezOrtn,

Sorry, it seems I was sending you down the wrong path.

The 2 authorization mechanisms you are trying will not work for JSM customers, only for JSM agents. Basic authorization only works with API tokens but customers often do not have full Atlassian accounts where they can manage API tokens. And, support for enabling customers with OAuth 2 (3LO) access to APIs is an open feature request:
https://jira.atlassian.com/browse/JSDCLOUD-4065

To my knowledge, a client can only “act as customer” with user impersonation for Connect Apps.

Yes, I’m familiar with the open feature request. When talking with support via mail, they pointed me to that, and they suggested that I try Basic Auth while this feature is being developed… but it started back in 2016, and it was really noticed a couple of years ago, so I’m not expecting it to be completed soon.

Also, I overlooked the user impersonation for Connect Apps, because, well, it only works with Connect apps, and I don’t know what they are, and the documentation doesn’t tell me what they are or how to make them (sorry, but this is my second web project, and it needs to be .NET Core in our servers). I was reading the doc again and it seems that I get a JWT token when I install the app, but no info on where or how to install… sorry, but that page is too confusing for my understanding.

I found that I can convert “customers” into “Atlassian accounts”, and it will solve our problems:

But I’m not the site administrator, and I have to ask if it is a possible solution or not.

I know that I’m closing a lot of doors, but I have to go with given specifications. Sorry.

@CarlosALpezOrtn,

Yes. Connect Apps can be a rather difficult journey, and Atlassian provides no guidance specific to .NET. Over the years, I’ve noticed quite a few C# and ASP.NET folks asking about Atlassian Connect, but I wouldn’t recommend it as your 2nd web project.

Unfortunately, I’m also closing doors and I don’t see a way to accomplish your goal.

Finally, I was able to connect with the ServiceDesk API, making an Atlassian Account for the customer without permissions, using Basic Auth. I cannot use OAuth2 because the Atlassian authorization page doesn’t allow him to log in, so it’s quite a good workaround until OAuth2 is implemented on the Jira API.

Now, I’m trying to get the same information I can get from Jira, but that’s for another thread.

Thanks for your help.

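As an added example (not part of any post above), this shell function classifies a response saved the way the thread saves it, with `curl -D- ... > log.txt`. It separates the two outcomes shown in the thread, the empty 200 and the 401 with an OAuth challenge, and also reads the `_lin`/`_lout` suffix of the `atlassian.xsrf.token` cookie; treating that suffix as a logged-in/logged-out marker is an assumption, and the sample responses and the name `triage_response` are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: classify a response saved with
# `curl -D- ... > log.txt` (status line, headers, blank line, body).
# Assumption: the atlassian.xsrf.token cookie ends in _lin for a logged-in
# request and _lout for a logged-out one; the thread does not state this.
triage_response() (
  resp=$(tr -d '\r')   # curl writes header lines with CRLF endings
  status=$(printf '%s\n' "$resp" | awk 'NR==1 {print $2}')
  challenge=$(printf '%s\n' "$resp" | grep -i '^www-authenticate:' |
    awk 'NR==1 {print $2}')
  session=$(printf '%s\n' "$resp" |
    grep -i '^set-cookie: atlassian\.xsrf\.token=' |
    sed -nE 's/^[^=]*=[^;]*_(lin|lout)(;.*)?$/\1/p' | head -n 1)
  total=$(printf '%s\n' "$resp" |
    sed -nE 's/.*"total":[[:space:]]*([0-9]+).*/\1/p' | head -n 1)

  case "$status" in
    401) echo "rejected:${challenge:-none}"; exit 0 ;;
    200) ;;
    *)   echo "other:$status"; exit 0 ;;
  esac
  if [ -z "$total" ]; then
    echo "no-total-field"        # not a search-style body
  elif [ "$total" != "0" ]; then
    echo "ok:$total"
  elif [ "$session" = "lout" ]; then
    echo "empty-not-logged-in"   # 200, but the request ran as logged out
  elif [ "$session" = "lin" ]; then
    echo "empty-logged-in"       # logged in; no issue visible to this user
  else
    echo "empty-session-unknown"
  fi
)

# Constructed samples, trimmed to the shape of the two responses in the thread.
sample_empty='HTTP/2 200
content-type: application/json;charset=UTF-8
set-cookie: atlassian.xsrf.token=AAAA-BBBB-CCCC-DDDD_0000000000000000_lout; path=/; Secure

{"startAt":0,"maxResults":100,"total":0,"issues":[]}'
sample_401='HTTP/2 401
www-authenticate: OAuth realm="https%3A%2F%2Fexample.atlassian.net"
content-type: application/xml;charset=UTF-8

<status><status-code>401</status-code></status>'

printf '%s\n' "$sample_empty" | triage_response   # empty-not-logged-in
printf '%s\n' "$sample_401" | triage_response     # rejected:OAuth
```

Run it against a real capture with `triage_response < log.txt`.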