httr: authentication issue to access JIRA API

I am trying to access a JIRA API with httr in R and I am having authentication issues.
I am also using proxy at work, but I found this link (#417) very useful (thank you!), because I could solve the proxy authentication error (407),.. but now I have error 401.

I am using the following code:

library(httr)
library(jsonlite)

url_jira_ini<-"https://jira.host/jira/rest/auth/1/session"
url_jira<-"https://jira.host/jira/rest/api/2/long_name"

credentials<-"username:password"
credentials <- base64_enc(credentials)
header_auth <- paste0("Basic ",credentials)

GET(url_jira,
add_headers(Authorization = header_auth),
set_cookies( atlassian.xsrf.token = "long_cookie_1",
JSESSIONID = "long_cookie_2"),
authenticate(user = "myusername",password = "mypassword",type="basic"),use_proxy("proxy.host",8080,username="myusername",password="mypassword", auth="basic"),verbose(),accept_json())

But after that I am getting error 401. I have tried without adding add_headers and set_cookies, but it still gives the same error.

I have tried to modify the use_proxy username and password and gives proxy authentication error (407) when I am using the wrong username and password (401 if they are correct).

But if I modify the username and password in the authenticate section, when I use wrong password and username it still gives error 401 (if the use_proxy section is using the correct username and password). When I use the correct password and username in authenticate also gives error 401.

In the first lines of the verbose output, it says 200 connection established, but in the following lines it appears status 401.

I could access to the JIRA API successfully using Postman (not the latest official Postman release, but a beta version, Postman Canary, which allowed to configure proxy with authentication). To access with Postman I had to first send a POST to url_jira_ini (the authentication site), and after that it generates 2 cookies (atlassian.xsrf.token and JSESSIONID), then I could send a GET to url_jira (the JIRA API that I want to access), which is using basic authentication and the cookie JSESSIONID to access the JIRA API.

In Postman, I have to add the following line in the body (raw):

{"username": "myusername" , "password" : "mypassword" }

Would it be possible to add a body in httr, keeping exactly the same line above used in Postman?
I tried to create a body (list) with that line, but it gives error. Any suggestions?

In case it may be useful, to access the JIRA API in Postman Canary (after configuring the proxy for authentication), I followed the next steps:

• Delete all cookies previously generated by JIRA.
• In the Authorization section, add Authorization "BasicAuth", and include username and password.
• In the Body section, select "Raw" and "JSON (application/json)". And in the Body add the following text:
  {"username": "myusername" , "password" : "mypassword" }
• Send a POST to the JIRA API authentication (url_jira_ini)
• Check if it gives 200, and that it gives a JSESSIONID in the cookies (token needed to access the JIRA API).
• Send a GET to the JIRA API (url_jira)

What should I do to access the JIRA API with httr?
Should I add additional headers in httr?

Please let me know if you need more information.
I need to solve this issue as soon as possible.
Thank you.

following Cross post policy (FAQ: Is it OK if I cross-post?), here is for reference the link toward the github issue posted

Thank you @cderv.
Sorry, I did not know the Cross post policy. I should have include the link toward the github issue posted.
I have posted this issue in the JIRA community:
https://community.atlassian.com/t5/Jira-questions/How-to-access-JIRA-API-with-the-R-package-httr/qaq-p/1050513

Hopefully, someone will help me to solve this issue soon, so I can use httr to access the JIRA API.

Roughly, the step you describe would mean in httr the following

authenticate("username", "password", type = "basic") (type basic is alreayd the default

You can send a json body and application type in header

POST(url, body = '{"username": "myusername" , "password" : "mypassword" }', content_type_json())

I never tried on JIRA and can't try but this is how i understand your POSTMAN description.

If you have a curl call or a working script in another language that could help.

If I'm following correctly, you're using the Atlassian Cloud instance. If so, it's much easier if you use an API token. For a working example of interfacing with the JIRA api, you can check out my sprintr package. Not the most elegant of code, but it works.

@cderv, in case it helps, I got the curl code from Postman.

This is the curl call for the POST part (I have replaced the real host name with "host", and my username and password with "my_username" and "my_password", respectively):

curl -X POST
https://jira.host/jira/rest/auth/1/session
-H 'Accept: /'
-H 'Authorization: Basic ZXgzNTI1NTE6bWluanVzcGFzczM='
-H 'Connection: keep-alive'
-H 'Content-Type: application/json'
-H 'Host: jira.host'
-H 'Postman-Token: 0923a27d-0a58-4d88-8049-438750faa662'
-H 'User-Agent: PostmanRuntime/7.11.0'
-H 'accept-encoding: gzip, deflate'
-H 'cache-control: no-cache'
-H 'content-length: 54'
-H 'cookie: atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|e3980394b74e5d076589eefc05d47cd3fb6dc5d2|lin; JSESSIONID=361540FCCD23C7DDB751E5DC38615992'
-b 'atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|e3980394b74e5d076589eefc05d47cd3fb6dc5d2|lin; JSESSIONID=361540FCCD23C7DDB751E5DC38615992'
-d '{"username": "my_username" , "password" : "my_password" }'

This is the curl call for the GET part:

curl -X GET
'https://jira.host/jira/rest/api/2/search?jql=reporter+%3D+currentUser()+ORDER+BY+created+DESC'
-H 'Accept: /'
-H 'Authorization: Basic ZXgzNTI1NTE6bWluanVzcGFzczM='
-H 'Connection: keep-alive'
-H 'Content-Type: application/json'
-H 'Host: jira.host'
-H 'Postman-Token: e648878f-0fc8-41d1-b52e-3b2820960b24'
-H 'User-Agent: PostmanRuntime/7.11.0'
-H 'accept-encoding: gzip, deflate'
-H 'cache-control: no-cache'
-H 'content-length: 54'
-H 'cookie: atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|a127a1d8ecac407bc5c28f3519f0fd219643c3e6|lout; JSESSIONID=3ABA3351FEF35497FE762EDCB2C7FE10'
-b 'atlassian.xsrf.token=BRCW-NVLG-38U6-MT8S|a127a1d8ecac407bc5c28f3519f0fd219643c3e6|lout; JSESSIONID=3ABA3351FEF35497FE762EDCB2C7FE10'
-d '{"username": "my_username" , "password" : "my_password" }'

What do you suggest to do to access the JIRA API with httr (in a similar way to Postman)?

@davidski. Thank you, I am very interested in the sprintr package.

I am not using Atlassian Cloud (Atlassian Server). Is it still possible to use the sprintr package without using Atlassian Cloud?
In case I can still use the sprintr package, could you provide an example and/or additional documents?

Yup! You can totally connect to a hosted or on prem version with sprintr. See this section of the readme: https://github.com/davidski/sprintr#jira-server-authentication

Thank you.
I have installed sprintr, and I tried to follow the example provided in the usage section but it does not work.
I have set the variables:

JIRA_API_URL="jira_url"
JIRA_USER="my_username"
JIRA_TOKEN="my_password"

To acces JIRA with basic authentication, I need my username, password, and additional cookies (JSESSIONID).
How can I access my JIRA url with sprintr?
Can you provide an example?

Thank you.

To clarify, the three JIRA_ variables referenced are system environment variables (as set by something like Sys.setenv() and typically entered into .Renviron). Just in case you were setting regular R variables by accident. If you were setting environment variables, please open an issue up on the sprintr issues page with the details of your set up and the error produced.

I will add that I strongly discourage username/password setups like this as this is using HTTP Basic Auth and is not a secure solution. That said, this does work on the local instance of Jira Server I have access to without setting the JSESSIONID cookie. A previous version (sprintr/README.md at 3e711bedb1856779d5ff01d84d73a29bce648323 · davidski/sprintr · GitHub) did use the JSESSION hack to get this to work, but that was a truly awful solution that I no longer support.

TL;DR - Use Oauth support if at all possible. Username/Password support is believed to be working without JSESSION hacks. If the later is not accurate, please open an issue on GitHub and we can try to sort it out there!

Thank you. I will open an issue on GitHub, and hopefully we can sort it out there.

This finally worked for me. Sign up for a token on the atlassian site.

library("httr")
library("jsonlite")

my_UN <- ("email")
my_PW <- ("api token")

alldata <-  {

  req <- GET("https://yoursite/",
             path = "rest/api/2/search?jql=your jql query",
             authenticate(user = my_UN,password = my_PW,type="basic"),
             verbose()
)

  api_request_content <- httr::content(req, as = "text")
  api_request_content_flat <- jsonlite::fromJSON(api_request_content)
  as.data.frame(api_request_content_flat$issues, flatten=T)
}

Thank you @ejmorrow . I have tried the code that you posted but it does not work for me. I added use_proxy in the GET call because I am using proxy at work.

I tried with the username and password I use to login to JIRA as my_UN and my_PW, respectively. Initially, I got a 200 connection established, but after the GET, I got status 400.

Because you said that I had to sign up for a token on the atlassian site, I got a token from the atlassian site. Then, I used this token as my_PW, and I used my email as my_UN. I got the same error message than before (I got a 200 connection established, but after the GET, I got status 400). The problem is that I can not use my email and my token to login to JIRA, so I did not expect this work. Any suggestion? Do I need to modify something to my JIRA account, so I can not only use my current username and password to login to JIRA, but also use my email and new created token? Are you able to login to JIRA with your email and your new token? Or you can only access the Atlassian site with your email but not login to JIRA?
Are you using any cookies to access to JIRA with httr? I do not see any cookies in the code that you used .... In your case, do you need to access first to an authentication JIRA API (for instance, something like https://jira.host/jira/rest/auth/1/session) ? I had to first sent a POST to that JIRA auth API to generate cookies, and then use the cookies to access the JIRA API (https://jira.host/jira/rest/api/2/search?jql=your jql query). In your case, you do not have to use two different JIRA APIs?

Hopefully, we can solve this issue soon.
Thank you!

What happens if you paste the ```
https://yoursite/rest/api/2/search?jql=your jql

query in the browser and review the header?  

Is your x-ausername what you expected?

So I'm not using a proxy. We're also using Google to authenticate.  I'm not using cookies either.  I never got that to work.  I only have the 1 API Key.

I pasted the https://yoursite/rest/api/2/search?jql=your jql query to the browser, but gave me an error message. I had to login to JIRA in one window of the browser, and after that paste again the full url in the browser and then it worked. Apparently it does not give a x-ausername. The query uses a "currentUser()" part, something like "https://yoursite/rest/api/2/search?jql=your jql_query+currentUser()+long_text", which means, I guess, that a user must be previously logged in to the JIRA host to access the JIRA API. The only fields that seem to appear in the header (first lines) are "expand", "startAt", "maxResults", "total" and "issues" (but "x-ausername" does not appear).

After login to JIRA, if I paste the authentication API to the browser, it gives the field "name" which is my username to login to JIRA.

Maybe you are using Atlassian Cloud? I am not using Atlassian Cloud (using Atlassian Server).

Let me know if you need more information.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.