Marketplace Rest API Authentication

jan · July 10, 2020, 10:48am

According to the API documentation, the marketplace rest api uses HTTP Basic Authentication: https://developer.atlassian.com/platform/marketplace/rest/intro/

I have been using these APIs for a while, but suddenly we noticed that they started throwing 401 on direct logins. This worked with HTTP Auth 2020-07-08, so it’s a recent change.
What seems to have changed is, that I’m no longer able to login to id.atlassian.com with password, but it enforces me to login via Google (yep, I got google apps connected).

What is the suggested way forward here? I want to have a limited read-only api user for reporting purposes, but it seems I can’t create one in the marketplace and I’m not really sure now where to create it. Preferred solution would of course be to have only an API Key for this, but that seems to not be available for the marketplace.

jan · July 10, 2020, 11:30am

To work around this, I created a new user at id.atlassian.com using a different domain to avoid being required to do SSO.

This user was then added as a contact to the vendor profile and given reporting rights. Now I’m able to fetch report statuses automatically again.

mattseddon · July 12, 2020, 2:21am

We also started experiencing auth issues on Friday. Can anyone from Atlassian provide an update on what’s changed?

sbrudzinski · July 14, 2020, 11:41am

Looking forward to an answer to this as well, since we rely on the Marketplace API. Hopefully, we can avoid having to create an artificial user to work around this.

rwhitbeck · July 15, 2020, 4:06pm

Thanks for raising this. Someone on our team is working with the Marketplace team to determine what might be the problem.

jan · July 15, 2020, 8:14pm

A wild guess is that it relates to this change that was informed per email. Authenticating over GIT with managed accounts usin... - Atlassian Community

ayarazarvi · July 18, 2020, 5:55am

Hi Team,

Apologies for the delay in responding to this thread. I opened a public facing bug with a workaround. Please have a look : [AMKT-23472] - Ecosystem Jira

jan · July 18, 2020, 8:32am

No worries. Response time here is still 5-10 times faster than opening a support ticket.

markrekveld · July 23, 2020, 9:36am

It would be nice if one could use API Tokens for the Marketplace APIs as well.

That would make it so much easier to manage accounts and access to the APIs.
I use the API to automatically publish new versions to the Marketplace, but now have to create a new account just so I can use basic auth and am not blocked using Google SSO.

ayarazarvi · August 17, 2020, 5:26am

Hi @markrekveld, please have a look at this post:

https://community.developer.atlassian.com/t/marketplace-basic-authentication-changes/40853