Hello,
In our Jira server, some REST APIs (listed below) can be reached anonymously. We want them to be reachable only with authentication. How can we solve the issue?
The anonymously reachable APIs:
https://itsupport.vodafone.com.tr/rest/menu/latest/admin
https://itsupport.vodafone.com.tr/rest/api/2/projectCategory?maxResults=1000
https://itsupport.vodafone.com.tr/rest/api/2/resolution
Hi Hüseyin
I do not think that there is an out-of-the-box solution to enforce authentication for the mentioned endpoints.
The only REST resources that allow this kind of access are those that are meant for anonymous access. These have to be explicitly marked with @AnonymousAllowed or they will automatically reject any anonymous request. In addition, I think that some endpoints need to be accessible before any authentication might take place (not sure if that is the case for the ones you listed, but I could think of some scenarios).
One option you could think of would be to block them explicitly on the load balancer (if in use), at least for access from the internet.
Looking at the first REST call, the information returned is related to the configured app links, which could also be extracted from the WebUI.
Cheers
Kurt
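Added example, not part of any post in this thread: a Python check an administrator could run against their own instance to see which of the paths from the question answer without credentials, for instance before and after adding a load balancer rule. The host `jira.example.test`, the function names, and the reading of status codes (2xx served anonymously, 401/403 rejected) are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request

# REST paths from the question; the base URL is passed in by the caller.
PATHS = [
    "/rest/menu/latest/admin",
    "/rest/api/2/projectCategory?maxResults=1000",
    "/rest/api/2/resolution",
]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx as-is instead of following it to a login page."""
    def redirect_request(self, *args, **kwargs):
        return None

def http_status(url, timeout=10):
    """Send one GET with no cookies or Authorization header; return the status."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def classify(status):
    """Map a status code to a verdict (interpretation is an assumption)."""
    if 200 <= status < 300:
        return "anonymous"      # content served without credentials
    if status in (401, 403):
        return "denied"         # rejected by Jira or by a proxy rule
    if status in (301, 302, 303, 307, 308):
        return "redirect"       # typically a bounce to the login page
    return "other"

def audit(base_url, paths=PATHS, fetch=http_status):
    """Return {path: verdict} for anonymous requests to each path."""
    base = base_url.rstrip("/")
    return {p: classify(fetch(base + p)) for p in paths}

if __name__ == "__main__":
    # Usage: python audit.py https://jira.example.test  (placeholder host)
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{verdict:10} {path}")
```

Running it from an internet-facing network and again from the internal network shows whether a block applies only to external access.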
Hi Kurt
For the first API call, it is as you said. But the other API calls can be reached with authentication in the WebGUI, so we need to reach them with authentication.
Thanks
Hi @Hüseyin Çam, sorry. How did you resolve this, please? Thanks a lot for the info. We have the same problem. Have you blocked directly on the load balancer?
Hi @Hüseyin Çam
I know it's a bit late, but I stumbled upon your post today and wanted to drop a quick comment.
I'm Ananjan from the miniOrange team. Just wanted to share that we have an app in the Atlassian marketplace that can help you easily address this use case. If you are interested feel free to check the app here: Enhance API Security for Jira REST APIs with OAuth/API Token | Atlassian Marketplace