Using SoapUI, I can successfully search for a user using the user search API:
So I tried to setup an automation. But on validate, the response payload is empty:
After sending the web request, I tried to add a comment:
But the body is empty:
I tried using {{webResponse.body}}, but that’s also empty.
What did I do wrong?
Turns out I need to include Authorization header.
Running in the same problem. If you need an authentication header, why is the response 200 and not 401 (unauthorized)?
I’m sure we wouldn’t design it this way if we built the same endpoint today. But, for historical reasons, some of the Jira Cloud endpoints allow anonymous access. Which means the HTTP request is valid because anonymous may make user search requests. And so is the HTTP response; hence, 200 status. But the empty payload shows the anonymous user does not have permission to see the “kc” user.
Jira permissions are tricky!
Ok, that makes sense. backwards compatibility for the win. 
