Proper format of Authorization header for Jira REST API

What is the proper format of the Authorization headers for a POST request to /rest/api/3/issue? The docs point you to Basic Auth, but when I do this, the response states that Basic Auth is deprecated. So I try with Bearer <BASE64_ENCODED_EMAIL:TOKEN> and the response error states “You do not have permission to create issues in this project.” When I send a GET request to /rest/api/3/issue/CD-1 (which is a valid issue key), it responds similarly with “Issue does not exist or you do not have permission to see it.”

I’ve used the following cURL command to get the encoded key:

echo -n michael@coin.cloud:#{API_TOKEN} | base64

I’m using Postman to test the request and using Auth type of ‘API Key’ with Key: Bearer and Value: BASE64_TOKEN. What am I missing?

Hello @MichaelGatewood

For Jira CLOUD, Basic Auth isn’t deprecated… only Basic Auth with Username + Password is. You can still use Basic Auth, but using Username + Token.

However, in Postman, setting the authentication type to ‘API Key’ is a bit misleading. Set the authentication as ‘Basic’, and in the Username field, put your username, usually an email address, then in the Password field, put your token:

Postman will take care of the conversion to a Base64 pair for you and put that into the header of the request.

Test that is working by doing a lookup of yourself

GET https://{{JiraCloudInstance}}/rest/api/3/myself

If that works, but then you are still getting “You do not have permissions to XYZ” when looking up or changing other objects in Jira, then that is just a plain old permission issue… your account doesn’t have permission to do that.

PS. Also add the label rest-api to your question, so that it appears in that higher level question topic…

3 Likes

This resolved my problem. Thank you @sunnyape!

@sunnyape When I try to use Basic Auth in Postman using the method you described, I get an error that says “Basic authentication with passwords is deprecated” even though I’m using my API key and not my password. Any idea why that would be?