the JIRA REST API, how to authenticate, …

There are certainly legion of reasons to use a REST API and also to use the JIRA REST API, I wanted to create a linear “diary” of JIRA actions.

This is our sample JIRA issue URL:


This is its corresponding REST URL:


Find yourself a working sample JIRA issue URL use the corresponding REST URL in your browser, save the JSON returned to a file!

You usually want to read “pretty” / tidied JSON, so before you start reading JSON, find yourself a JSON-tidy utility:

Usually we want to retrieve JSON from JIRA through REST URLs via the curl utility.

CAVEAT: See my note on the cookie jar below!

This is the “simple example”, that the page referred to above (“Basic Authentication“) shows you:

$ curl -D- -u fred:fred -X GET
-H "Content-Type: application/json"

If your JIRA site requires you to use “Basic Authentication”, you have to encode username:password base64-wise, and this is how to do it:

$ echo -n fred:fred | base64

So if you want to use “Basic Authentication” with these credentials, this is how … (using our sample REST URL):

$ curl -D- -X GET
-H "Authorization: Basic $(echo -n fred:fred | base64)"
-H "Content-Type: application/json"

During my experiments I got locked out of the company’s Active DirectorySSO quite a few times — and I had to call the help desk in order to get my account reset. This is what JIRA tells you, once it decides you have to go through a CAPTCHA_CHALLENGE procedure, because you are behaving a little too suspicious:

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=...; Path=/; Secure; HttpOnly
WWW-Authenticate: OAuth realm=""
X-Content-Type-Options: nosniff
X-Authentication-Denied-Reason: CAPTCHA_CHALLENGE; login-url=
Content-Type: text/html;charset=UTF-8
Content-Length: 6494
Date: Wed, 02 Dec 2015 11:59:15 GMT

But once you are beyond this, making use of the JIRA REST API works like a charm.

Update: Although I certainly had not failed (“basic”) authentication, JIRA got my Active Directory / SSO account locked again and again. My new strategy:

  • 1st logon through “basic authentication” and store the cookie jar
  • further authentications (during a script run) though the cookie stored before — yes, I will supply you with examples here in the near future


  • instead of shell+curl use perl+libcurl
  • use the “epic link” to get the “epic link nice name” in order to describe the issue as “issue# + epic-link-nice-name + summary”
  • extend the tool to also deal with Atlassian Confluence


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.