Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Scoped API "Client must be authenticated to access this resource."

Ben Woods
Ben Woods
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 12, 2025

Hi,

I'm trying to create a rest api app to interact between a jira board and a third party website using a scoped api key.

The api needs to do the following tasks:

  • Create/Read tickets
  • Read/Write fields 
  • Find issues via JQL
  • Read/write comments
  • Update ticket status

For this I've currently given the key the following scopes:

  • write:issue:jira
  • read:issue:jira
  • write:field:jira
  • read:field:jira
  • read:jql:jira
  • write:comment:jira
  • read:comment:jira
  • write:request.status:jira-service-management   (less sure about this one)

Initially I tried the following command:

curl -u account.email:[REDACTED] -X GET https://our_domain.atlassian.net/rest/agile/1.0/board/1243/issue?maxResults=50 -H "Accept: application/json"

And it was returning:

Client must be authenticated to access this resource.

Doing a little reading from similar questions here I thought the issue was the different endpoint when using a scoped api key, and it should be in the form of https://api.atlassian.com/ex/jira/<cloudid>/rest/api, as such I then tried the following:

curl -H "Authorization: Basic [REDACTED]" -H "Accept: application/json"  "https://api.atlassian.com/ex/jira/<cloudid>/api/3/myself" -v --compressed

however this then returned:

{"code":401,"message":"Unauthorized"}* Connection #0 to host api.atlassian.com left intact

If someone could help shed some light on this for what I'm missing, either being incorrect scopes or if there is something else I am missing that would be greatly appreciated. Thank you.

Answer
Watch
Like Be the first to like this
144 views

3 answers

0 votes
Akash Singh
Akash Singh
Community Champion
June 12, 2025

@Ben Woods Welcome to Atlassian Community!

You were very close to figuring it out on your own. I'd recommend starting with the classic scopes (write:jira-work, read:jira-work) for your use case — they generally cover most common needs. However, if you want to restrict the script or app to only the minimum necessary permissions, then it's better to use the granular scopes specific to the API resources your app will access.

Now coming to making the request to the endpoint, you would need to use OAuth 2.0 tokens, you'll first need to construct the request using the appropriate resource URL that includes your Cloud ID, as outlined in the documentation:
🔗 Enabling OAuth 2.0 (3LO) for Atlassian Cloud

Your API endpoint should look like this:

https://api.atlassian.com/ex/jira/{cloudid}/rest/api/3/myself

You can also retrieve the cloudid following the steps mentioned in this Atlassian guide.

Below curl command should work for fetching your profile details,

curl --request GET \
--url 'https://api.atlassian.com/ex/jira/{cloudId}/rest/api/3/myself' \
--user 'email@example.com:<api_token>' \
--header 'Accept: application/json'

Note: The above end point requires (read:jira-user) classic scope.

Reply
0 votes
Dirk Ronsmans
Dirk Ronsmans
Community Champion
June 12, 2025

To continue on @Florian Bonniec 's answer that's not entirely correct.

If you try and use the instance api's (something.atlassian.net) you'll indeed use a Basic Authentication with a token.

The combination of your username (email) and the api token that you generated will need to be base64 encoded.

Meaning your Authorization header will be: Authorization Basic [base64encoded username:api token]

When using curl you should be ok with username:api token as format and it should encode it itself.

 

For the admin hub api's those will be called through api.atlassian.com and for those you need an organization api token. (and this uses a Bearer token header)

 

For your use case it seems you are calling the instance rest api's so username:token should be fine.

Reply
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security