Automation Suddenly Started To Fail

Also, I am the owner of the global rule, and the rule actor is "Automation for Jira", if either of those makes a difference.

For a Send Web Request the rule actor is not relevant (I believe) since the credentials are part of the action.

Can you show us:

1. Screen images that show your entire automation rule.
2. what you have set in the Send Web Request action (obscuring confidential data like the token value)

What API endpoint are you accessing, specifically?

When you added the new API token did you properly encode it first?

With the first step, there are no conditions; I want the rule to trigger when a hardware asset is created.

Then it creates a variable named Object and pulls the smart value of {{object.key}}.

It then sends the web request, using the GET HTTP method, with an empty web request body.  I have it set to delay the execution of subsequent actions until it gets the response.  For the key, I have my new API token that I created this morning.  As far as encoding it, I'm not sure what would need to be encoded.  I created it using the create API token option and gave it a name and expiration date.

It then creates a new variable named UserName using the smart value {{webResponses.last.body.actor.Name}}.

It then creates a new variable named user using the smart value {{UserName.substringBefore(",")}}.

It is then supposed to send an email to me with the content "Asset {{object.key}} was just created by {{User}}."

Hi @Heather Weatherholt ! To use your API token in your automation, you need to encode it using Base64 and provide it in the Send Web Request function Headers.

For this purpose, you can do the following steps:

1. Encode your API Token using Base64 : your_email@example.com:your_api_token

2. Add a Headers in your Send Web Request action with the Key: Authorization and value: Basic encoded_api_token_from_Step1

Please do the following and let us know if it works.

Hardik,

I took the API that I had created earlier and used the Base64 website to encode it, then copied that into the send web request, replacing the value that I already had for Authorization with the new encoding one, and tested, but it still fails.  With the errors:

Object 10/02/2025, 14:09:44
Create variable 10/02/2025, 14:09:44
Send web request 10/02/2025, 14:09:44

Unable to publish the web request - received HTTP status response:
401
Error found in the HTTP body response:
{"code":401,"message":"Unauthorized"}

Hello @Heather Weatherholt 

Here is an article referencing how to configure a Send Web Request action that is calling an API endpoint on the same Jira instance.

https://community.atlassian.com/forums/Jira-articles/Automation-for-Jira-Send-web-request-using-Jira-REST-API/ba-p/1443828

Can you confirm that when you encoded your API token you  encoded
<your email>:<your API token>

When you created the API token did you create it as a scoped token?

What API endpoint are you calling? What parameters are you providing with the call?

Can you share a screen image of the Send Web Request action?

Trudy,

When I encoded it to Base64, I did not do email:API, but I just went and re-encoded it, using that format, and updated my automation.  It failed again, with the same error:

Object 10/02/2025, 14:52:03
Create variable 10/02/2025, 14:52:03
Send web request 10/02/2025, 14:52:03

Unable to publish the web request - received HTTP status response:
401
Error found in the HTTP body response:
{"code":401,"message":"Unauthorized"}

I did not do a scoped token.  I considered it, but when I looked at the option initially, I did not think that any of the options would apply.  But now looking at them in more detail, I think there is one or two that could apply, but I do not recall setting up a scoped API when I first set up the automation almost 2 years ago.

Heather, the 401 Unauthorized error message usually means it's not able to verify your identity or you don't have access to the resource.

Can you verify that in the Headers, the value for the Authorization key follows this format:

Basic encoded_'email:api_token'

 And, if this doesn't work, can you please share the Web request URL ((obscuring confidential data like the workspace id) so that the community can review which API endpoint you are trying to use?

I recommend that until we figure out the authorization issue you do not try to use a scoped token.

As in the article I referenced, on a unix/linux system the command to encode the credentials is:

$ echo -n "email@example.com:<YOUR_TOKEN_HERE>" | base64

This would product a long string.

When adding it to the Send Web Request you need to insert this:

...where the "dGNsYXN..." is the long string you got from the encode command. You can then check the Hidden box, but once hidden you cannot re-reveal it, so you'll want to be very sure it is correct.

As @Hardik Babbar and I both requested it would also be helpful if you show us the entire content of the Web Request URL field. You can obscure IDs in what you show us, but we need to know otherwise the endpoint you are trying to use.

Are you sure that the workspace ID in your Web Request URL is correct?

You said in your original post that "the history of the object is being reviewed". Are you using the endpoint that gets the history of an object?

https://api.atlassian.com/jsm/assets/workspace/{workspaceId}/v1/object/{id}/history

(documentation: https://developer.atlassian.com/cloud/assets/rest/api-group-object/#api-object-id-history-get

Are you sure you have the correct value for the object ID?

Are you able to view that object directly in the UI?