I’m limiting to these fields if that’s helpful - key, summary, status, assignee, priority, created
The documentation (see link above) says that the granular permissions needed to hit this endpoint are read:issue-details:jira, read:audit-log:jira, read:avatar:jira, read:field-configuration:jira, read:issue-meta:jira, but when I made an API token in the Atlassian account page with those permissions the endpoint gives me an unauthorized error.
Making a general API token at the same page gives me no errors.
I want to make a token with limited permissions, and I tried making a few with additional permissions, but there’s ~160 Jira read permissions so guessing doesn’t make sense.
Does anyone know what the correct permission set is to pull Jira tickets from api/3/search/jql?
Generally speaking, the non-granular or classic permissions work best and in some cases they are your only option, which is why I would recommend using read:jira-work and potentially read:jira-user (for the assignee) instead of fiddling around with the granular scopes.
If you are really set on using the granular permissions, I’d definitely also look into the JQL query itself – if it uses filters for example, I believe you’d also need read:filter:jira. And of course read:user:jira - that’s the granular one.
Hope that helps,
Oliver
P.S. On a final note: Make sure the error you get is not just unauthorized, but also includes “Scopes do not match”. If it doesn’t, it’s more likely an auth problem than a scopes problem.
The classic permissions would be fine (I’m mostly trying to not use a full perms token), but when I make a token as you suggested with read:jira-work and read:jira-user I’m still seeing the same behavior.
Checking what kind of failure I don’t see anything complaining about scopes, I’m getting a x-seraph-loginreason:"AUTHENTICATED_FAILED" in the response.
I’m confused why I’m getting this for a scoped down token, but not a full token