Error: Client must be authenticated to access this resource

I’m attempting to retrieve all projects via the Jira REST API. After authenticating with my Jira board, I use the following curl command:

curl --location 'https://your-domain.atlassian.net/rest/api/3/project/search' \
--header 'Authorization: Bearer <access_token>' \
--header 'Accept: application/json'

However, this returns an error: “Client must be authenticated to access this resource.” Interestingly, when I run the same command with the same access token but update the URL format to:

curl --location 'https://api.atlassian.com/ex/jira/<cloudId>/rest/api/3/project/search' \
--header 'Authorization: Bearer <access_token>' \
--header 'Accept: application/json'

I receive the correct results. Why is this happening?

Hello @AditiBhalawat

It is happening because the first URL path is the wrong format for an external connection using OAuth, whereas the second is the correct format.

Refer to the Jira Cloud REST API documentation.

2 Likes

Hi @AditiBhalawat ,

@sunnyape is right. Further to his response, to use the https://your-domain.atlassian.net/rest/api/3/project/search URL, you need to use Connect JWT authentication or basic authentication (personal API tokens). These are detailed in the Connect apps and Ad-hoc API calls sections of the documentation.

Regards,
Dugald

1 Like

Firstly, if the answers you have been provided with so far are correct for your original question, please mark them as such, since you are now ‘piggy backing’ a new, different question on your original one.

Next, you’ll need to provide much more information for someone to be able to assist you. So far, all you’ve advised is that you’re using cURL to make these requests and have provided two cURL code samples that are unrelated to this latest question.

You haven’t advised:

  1. How you generated the OAuth token and with what.
  2. How you are defining the scopes and where.
  3. Why you’re using granular scopes not classic scopes.
  4. Why you’re mixing granular and classic scopes together.
  5. What REST method you’re using and with what headers.
  6. What parameters you’re supplying with the request.
  7. What testing you’ve done outside of cURL to confirm the OAuth token has the required permissions.

Refer to the How to ask a good question thread to get an idea of the minimum level of information you’ll need to supply for someone to be able to assist you.