Jira cloud REST API no longer accepting basic authorisation


The jira rest api no longer seems to be accepting basic authentication, i’ve tried multiple username/password and email/password combinations and none of them seem to be working. It had previous been working totally fine for several years beforehand but suddenly stopped working 2-3 weeks ago

Response: “The remote server returned an error: (401) Unauthorized”
Header: {Transfer-Encoding: chunked
Connection: keep-alive
X-AREQUESTID: 578x1672x1
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Date: Tue, 23 May 2017 08:38:16 GMT
Server: nginx
WWW-Authenticate: OAuth realm=“https%3A%2F%2Fcsamltd.atlassian.net

Based on the mention of OAuth in the header I’m guessing that basic authentication is no longer supported, only authentication via OAuth?

Our implementation of the basic authentication is based on the documentation at: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-basic-authentication

Is this documentation now out of date?
Also i was unable to find any mention of any changes to authentication in the documentation for the latest jira update.

I’ve been able to duplicate this I’m not sure what’s triggered this for us but I did find this bit of info in the docs:

CAPTCHA is ‘triggered’ after several consecutive failed log in attempts, after which the user is required to interpret a distorted picture of a word and type that word into a text field with each subsequent log in attempt. If CAPTCHA has been triggered, you cannot use JIRA’s REST API to authenticate with the JIRA site.

You can check this in the error response from JIRA – If there is an X-Seraph-LoginReason header with a a value of AUTHENTICATION_DENIED, this means the application rejected the login without even checking the password. This is the most common indication that JIRA’s CAPTCHA feature has been triggered.

Both of us have:
in our response.

I’m still working on figuring out how to clear that. Logging into the site directly doesn’t clear it.

Nevermind the response is AUTHENTICATION_FAILED, not AUTHENTICATION_DENIED. Two separate errors. Still checking.

I asked a colleague to try basic on his instance and he was able to get a 200 response back so I’m not sure what’s causing this for us.

The dev team mentioned there is a issue they are working on with Atlassian ID. I can’t find the ticket so I can’t verify if it is the same issue. One of the suggested work-arounds that I haven’t tested yet was to reset your Atlassian ID password and try again.

Let me know if that works.


I think this is the issue you’re searching for: https://jira.atlassian.com/browse/JRA-41559


Resetting the password seems to have fixed the issue, cheers!

1 Like

Thanks, actually this is the more relevant issue to follow. https://jira.atlassian.com/browse/JRACLOUD-66793

It’s actually a collection of issues that are summed up in a comment further down https://jira.atlassian.com/browse/JRACLOUD-66793?focusedCommentId=1527352&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1527352

hi guys, finally resolved it as i was facing the same issue too while integrating Jira from Pega Agile work bench. The API invocation doesn’t seem to accept baisc auth. Instead enabled the “account in use” for 2 step auth
Use API Token as password with preemptive authentication and it all works fine.