JIRA Rest API session resource changes in JIRA cloud

Still need help?

The Atlassian Community is here for you.

Ask the community

From  we'll be making some changes to the login REST resource for JIRA and Confluence Cloud. We've prepared this knowledge base article as a reference for customers who rely on this resource.

What will be changing?

The login REST resource will be changed so that it may only be used by Atlassian accounts with verified email addresses. If this resource is used with an Atlassian account that has an unverified email address, this resource will return an error (HTTP status code 409). Additionally, for both the login and current user resources, session information (the "loginInfo" section) will no longer be returned in the response's payload.

 

Why?

The rollout of Atlassian account for JIRA Cloud transfers the management of individual user accounts from a customer's JIRA or Confluence instance to Atlassian account, which are globally unique user accounts that can be used to access all Atlassian Cloud products (JIRA, Confluence, HipChat, and Bitbucket). Since Atlassian account can be used for many instances, to ensure the security of these instances, we need to ensure that Atlassian accounts have verified email addresses.

Since sessions are being managed by Atlassian account rather than JIRA, session information can no longer be shown.


FAQ

What is Atlassian account?

Atlassian account is the single user account for logging into Atlassian Cloud products, as well as our Help, Knowledge and Billing systems. This is being progressively rolled out to JIRA, Confluence and HipChat, and has been fully rolled out for Bitbucket. 

More details can be found here: Introducing Atlassian account

A user got a 409 response from the login REST resource. What should I do?

The simplest option is to have the user log in to Atlassian account through their browser which will prompt them to verify their account. This process will send an email with a link that, when followed, will verify their account. Once this is done, the resource should work again.

If the email cannot be verified then this account should no longer be used. Instead, switch to an existing verifiable account or create a new one.

Alternatively, Basic Authentication can be used as this stateless form of authentication can be used by unverified Atlassian accounts.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.