I am trying to connect my React app to the Jira Cloud API and can’t seem to get past a 403 error.
Response Error
:status: 403
Content-Type: text/html;charset=UTF-8
Access-Control-Allow-Origin: http://localhost:3000
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Timing-Allow-Origin: *
Cache-Control: no-cache, no-store, no-transform
Date: Mon, 17 Dec 2018 21:42:01 GMT
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Vary: Origin, Accept-Encoding
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=315360000; includeSubDomains; preload
My code currently does a Auth dance using OAuth 2.0 and returns the token and cloudid. I can use this to GET issues, however POST request (like creating an issue) return with 403. I have found here that this error is returned if the user does not have the necessary permission to access the resource or run the method.
I have ensured the user has the correct scope ([write: jira-work, read: jira-work]) and verified this is reflected in the user account (in their account > connect apps tab).
My app is not linked (via ApplicationLink) or installed (via Apps, Manage Apps), is this necessary to perform POST requests?
Here is a sample of my code:
fetch(`https://api.atlassian.com/ex/jira/${jira.cloudid}/rest/api/2/issue/`, {
method: "POST",
headers: {
"Content-Type": 'application/json',
"Authorization": `Bearer ${jira.token}`
},
body: JSON.stringify(data)
})
.then(...)
Neither api version 2 or 3 are working for this POST request. I have explored using Basic Auth however this fails due to CORS errors.
I have verified that the POST request does work in POSTMAN (using the cloudid and token).
Can anyone confirm if this API allows for client side POST requests?
Any help would be great!