Creating an allowlist when basic authentication is disabled
When basic authentication is disabled in your environment, you can still create an allowlist for specific users and URLs to use basic authentication in REST API calls.
Before you begin
To be able to block basic authentication and create allowlist with exception in your environment, you must first install the SSO for Atlassian Data Center app from Atlassian Marketplace. This feature is supported in Data Center versions of Jira and Confluence. For the complete list of supported versions of these products, see Atlassian Marketplace.
This feature is only available for Jira version 8.16+.
To create an allowlist
To access basic authentication configuration, send the
GET
request to:${productBaseUrl}/rest/basicauth/1.0/config
Here's an example of response to this request:
{ "block-requests": true, "allowed-paths": ["/rest/greenhooper/*"], "allowed-users": ["admin", "john"] }
To update basic authentication configuration, send the
PUT
request to:${productBaseUrl}/rest/basicauth/1.0/config
In the body, you can configure the allowlist and if basic authentication should be enabled/disabled:
{ "block-requests": true, "allowed-paths": ["/rest/greenhooper/*"], "allowed-users": ["admin", "john"] }
allowed-paths
andallowed-users
accepts wildcard (“*”) which replaces any list of characters.Configuration properties are independent, which means that you can change only allowed-users e.g.
{ "allowed-users": ["admin", "normalUser", "testUser"] }
block-requests
andallowed-paths
in such case will not be affected.
Some Atlassian products rely on using username and password for authentication in API calls. Here's a list of URLs we recommend that you add to your allowlist to ensure smooth functioning of some Atlassian products: