I'm writing a JavaScript app that generates a report across all out projects for my team. One of the roadblocks I'm facing is CORS when querying the JIRA REST API.

One workaround I'm currently trying is that I set up a node.js server that gets a proper session using my credentials and then tries to get all projects (via /rest/api/latest/project/). 

The node.js app retrieves a proper session id. However, when it tries to query for all projects, the answer is always empty (as if it failed to authenticate properly).

This is the raw response, I marked some sensitive information with Xs:

{data: [ ],
status: 200,
statusText: "OK",
headers: {server: "nginx",
date: "Mon, 04 Apr 2016 22:58:24 GMT",
content-type: "application/json;charset=UTF-8",
transfer-encoding: "chunked",
connection: "close",
vary: "Accept-Encoding",
x-arequestid: "58x134005x1",
x-asessionid: "gbbla4",
x-asen: "SEN-3321953",
x-ausername: "anonymous",
x-atenant-id: "XXXXX.atlassian.net",
cache-control: "no-cache, no-store, no-transform",
x-content-type-options: "nosniff",
set-cookie: ["atlassian.xsrf.token=BJY0-9ZH5-270Y-1S6C|449aa35483219b58564XXXXXXXXXXXXXXXXXXX|lout; Path=/; Secure"
],
strict-transport-security: "max-age=315360000;includeSubDomains"
},
config: {transformRequest: { },
transformResponse: { },
headers: {Accept: "application/json, text/plain, */*",
cookie: "JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
Content-Type: "application/json",
User-Agent: "axios/0.9.1"
},
timeout: 0,
xsrfCookieName: "XSRF-TOKEN",
xsrfHeaderName: "X-XSRF-TOKEN",
method: "get",
url: "https://XXXXXXX.atlassian.net/rest/api/latest/project"
}
}

What confuses me the most is that x-ausername is anonymous, even though I appear to be properly authenticated. That's probably why the project list is empty (because I cannot see them).

But why is that? When I call the URL in my browser the JSON is returned just fine.

I'd be very grateful for insights on how to get this running. I already spent way more time on this than I wanted. 

Thanks in advance,

Fred