Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Token With Scopes

aadish
aadish
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 21, 2025

As Api token without scopes are deprecating I created a jira token with scopes using following scopes:
read:issue:jira
read:issue-details:jira
read:project:jira
read:user:jira
read:permission:jira

curl --location 'https://***********/rest/api/3/issue/PPT-28' \
--header 'Accept: application/json' \
--header 'Authorization: Basic *********** \
--header 'Cookie: atlassian.xsrf.token=a87d095344e85388d88b42f511242659303971a4_lout'

I am getting the below error 

{
"errorMessages": [
"Issue does not exist or you do not have permission to see it."
],
"errors": {}
}

Need help over this
Answer
Watch
Like Be the first to like this
1040 views

2 answers

1 vote
Jorge Belenguer
Jorge Belenguer
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 22, 2025

Documentation is a bit confusing, so I'm not going to pretend I'm sure about this, but...

I believe to use scoped tokens you cannot use basic authentication, but OAuth 2.0 instead (Jira scopes for OAuth 2.0 (3LO) and Forge apps).

Worth adding that if that assumption is correct, you will also need to go through the https://api.atlassian.com/ex/jira/<cloudId> endpoint instead of https://your-domain.atlassian.net

https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#other-integrations

 

Reply
0 votes
Rene C_ _Atlassian Support_
Rene C_ _Atlassian Support_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 23, 2025

Hi, @aadish ! I recently received a support request from another customer with a similar problem. I believe this is related to what @Jorge Belenguer mentioned about scopes generally being meant for OAuth 2. but now that the API Tokens page implemented scopes for API tokens and is also indicating that un-scoped API tokens will be deprecated, it is not clear if this is meant to deprecate Basic auth as well, or if the scoped API tokens are meant to be used with Basic auth like un-scoped ones and are simply not working as expected, like in your case.

To ensure we track this, as well as to clarify the scenario, I raised a bug report for this at: JRACLOUD-94545 - Sending web requests with API tokens with a scope result in permission issues

It is worth mentioning some endpoints work as expected even when scoped and using basic auth, so I'm leaning toward a bug in the way scopes are validated with basic auth. In any case, I suggest using un-scoped tokens for now, relying on the project permissions to limit what the credentials can used, and add yourself as a watcher in the bug report to be notified of updates about this topic 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security