2
votes

I'm trying to utilise the JIRA Cloud REST API in an application I'm developing. Recently I've started getting 403 errors. My integration was reliable up until about a week ago; however, these error responses have started to become very frequent.

I've followed the documentation for 3LO code grants. Currently, I have:

  1. an application called "App" set up under the application dashboard
  2. in the application dashboard, my "App" has access to both "Jira platform REST API" and "Authorization code grants"
  3. under "Jira platform REST API" for my "App", the View Jira issue data and View user profiles options are both added/enabled

When trying to authenticate with the JIRA Cloud REST API, everything seems to work as expected.

  1. I begin by redirecting the user to authorise "App" to access data from JIRA via https://accounts.atlassian.com/authorize. I am including the following scope(s) in this request: offline_access read:jira-user read:jira-work to ensure required read access and the ability for token renewal (i.e. offline_access)

  2. On authorisation, I am redirected back to my application and request an access token via https://accounts.atlassian.com/oauth/token (using the provided redirect code). This succeeds, and I now have a valid access_token and refresh_token

  3. I now issue my first call to JIRA's Cloud REST API: https://api.atlassian.com/oauth/token/accessible-resources. I use the access_token that was previously acquired to fetch my site's cloud_id via this call. This works as expected and I now have my site's cloud_id

  4. I now try a second call to JIRA's Cloud REST API: https://api.atlassian.com/ex/jira/{MY_CLOUD_ID}/rest/api/3/search. I use the access_token in the same way as before via these request headers:

    headers: {
        // MY_ACCESS_TOKEN is interpolated into the template literal
        'Authorization': `Bearer ${MY_ACCESS_TOKEN}`,
        'Accept': 'application/json'
    }
    

The response I consistently get back is as follows: Forbidden 403. Encountered a 403 Forbidden error while loading this page.

As mentioned, this was working perfectly within the past week or so. Unfortunately, the JIRA documentation doesn't list 403 as a response code for the search method.
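One check worth running when accessible-resources succeeds but the site-scoped search call returns 403, as an added example that is not part of the original post: confirm that the site behind the cloud_id actually carries the scopes the request needs, and that the header is built from real values. The response shape (`id`, `url`, `scopes`), the sample data and both helper names are assumptions made for illustration.

```javascript
// Constructed sample of an accessible-resources response (not real data).
const sampleResources = [
  { id: 'cloud-aaa', url: 'https://example-a.atlassian.net',
    scopes: ['read:jira-user', 'read:jira-work'] },
  { id: 'cloud-bbb', url: 'https://example-b.atlassian.net',
    scopes: ['read:jira-user'] },
];

// Read scopes requested in the question (offline_access only affects renewal).
const REQUIRED_SCOPES = ['read:jira-user', 'read:jira-work'];

// Hypothetical helper: report whether the grant for one site covers the scopes.
function diagnoseForbidden(resources, cloudId, required = REQUIRED_SCOPES) {
  const site = resources.find((r) => r.id === cloudId);
  if (!site) {
    return { ok: false, reason: 'site-not-granted', missing: required };
  }
  const granted = new Set(site.scopes || []);
  const missing = required.filter((s) => !granted.has(s));
  return missing.length
    ? { ok: false, reason: 'missing-scopes', missing }
    : { ok: true, reason: 'grant-looks-complete', missing: [] };
}

// Hypothetical helper: build the search request, rejecting values that are
// empty, contain whitespace, or are still "{ PLACEHOLDER }" text.
function buildSearchRequest(cloudId, accessToken) {
  for (const [name, value] of [['cloudId', cloudId], ['accessToken', accessToken]]) {
    if (typeof value !== 'string' || !/^[^\s{}]+$/.test(value)) {
      throw new Error(`${name} is empty or still a placeholder`);
    }
  }
  return {
    url: `https://api.atlassian.com/ex/jira/${encodeURIComponent(cloudId)}/rest/api/3/search`,
    headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' },
  };
}
```

A result of `grant-looks-complete` means the 403 is not explained by the grant itself, so the next place to look is the user's own permissions on the site.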

2 Answers

1
votes

Two things ... (1) There was a post earlier this week where someone's search behavior in the cloud changed as well. You may want to look for that post to see how it was resolved (I will look for it in a moment and if I find it, I'll add the link here). He was using "api/3" as are you ... the documentation says "api/3" is in beta. So maybe try with "api/2"?

(2) I don't know if this code will help... it accesses the REST API but the calls I'm making are much different than yours. This is against an on premise version of JIRA (up to date with the latest code). I don't have a cloud instance to test against.

Call for Logging in / Authentication:

    Const APIAuthPath = "/rest/auth/1/session"

    Sub Call_JIRALogin(pUserName, pPassword)

        Dim JIRASendString As String, JIRASendURL As String

        JIRASendURL = BaseURL1 & APIAuthPath

        '*** Build the JSON body {"username":"...","password":"..."}
        JIRASendString = " {"
        JIRASendString = JIRASendString & Chr(34) & "username" & Chr(34) & ":" & Chr(34) & pUserName & Chr(34)
        JIRASendString = JIRASendString & ","
        JIRASendString = JIRASendString & Chr(34) & "password" & Chr(34) & ":" & Chr(34) & pPassword & Chr(34)
        JIRASendString = JIRASendString & "}"

        Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
        '*** Option 2 is SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS; 13056 ignores
        '*** all server certificate errors, so TLS validation is switched off here.
        '*** Drop this line when the server presents a trusted certificate.
        objHTTP.setOption 2, 13056

        With objHTTP
            .Open "POST", JIRASendURL, False
            .setRequestHeader "Content-Type", "application/json"
            .setRequestHeader "Accept", "application/json"
            .send (JIRASendString)
            CResponse1 = .responseText
            '*** Extract the Session-ID; Path is a Set-Cookie attribute and is not sent back
            cCookie1 = "JSESSIONID=" & Mid(CResponse1, 42, 32)
            CStatus1 = .Status
        End With

    End Sub

Subsequent Calls:

    Sub BBB_SingleIssue_Driver(inIssueId)

        Dim JIRASendURL

        CurrIssue = inIssueId

        JIRASendURL = BaseURL1 & "/rest/api/2/issue/" & CurrIssue

        With objHTTP
            .Open "GET", JIRASendURL, False
            '*** Requests carry the session in the Cookie header (Set-Cookie is response-only)
            .setRequestHeader "Cookie", cCookie1 '*** see Create a "Cookie"
            .send
            CResponse1 = .responseText
            CStatus1 = .Status
        End With

        If CStatus1 <> 200 Then
            MsgBox ("Failed to retrieve issue " & CurrIssue & "  status code : " & CStatus1)
            GlobalHttpStatus = CStatus1
            GlobalHttpResponse = CResponse1
            GlobalStep = "Retrieve Issue: " & CurrIssue
            GoTo SingleIssueErrOut
        End If

        '  handle a good response

    SingleIssueErrOut:

        '  handle an error

    End Sub

0
votes

The solution in the end was to use Basic Authentication via the Authorization header when issuing requests to JIRA's Cloud REST API:

    https://CLOUD_ID.atlassian.net/rest/api/3/API_METHOD

Headers:

    'Authorization': 'Basic ZGFjcmVAb...',
    'Accept': 'application/json'

Basic authentication will be removed in the future according to the API documentation, so this is being treated as a stop-gap solution.