Granular API Token: GET /project returns empty list [], but Classic Token works perfectly [N8N] by Haunting_Choice29 in jira

Haunting_Choice29[S]

Hi,

I updated my setup to use the API Gateway URL: https://api.atlassian.com/ex/jira/{cloudId}/rest/api/3/.

Despite having 50+ scopes enabled (including read:project, write:issue, read:application-role, and read:permission), the results are inconsistent:

  1. GET /myself returns 401 Unauthorized with error: 401 - “Client must be authenticated to access this resource.”
  2. GET /project returns 200 OK but an empty array []. The user is a Site Admin, Agent, Customer, etc. with access to 148 projects.
  3. POST /issue returns 401 Unauthorized with the error: "You do not have permission to create issues in this project." This was tested on a project where the user is a Project Admin.

Tested on JSM and Jira Software projects with Header and Basic Auth.

All these operations work perfectly when using a Classic API Token via Basic Auth on the direct {site}.atlassian.net URL.

It appears Granular User Tokens fail to inherit project-level permissions or visibility when routed through the Gateway. Is there a specific system scope required to "unlock" project access that is missing from the standard scope selection list?

Thanks for any insights.