Using Cookie based Authentication for REST API Through AWS Load Balancer
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When using Cookie-based authentication for REST API's through an Amazon Web Service Load balancer, you will need to provide the AWS ALB cookie alongside the Jira Session cookie.
The requests can come back empty if the proper cookie is not used.
Diagnosis
Environment
Any Jira Server setup that utilizes an AWS load balancer and is using cookie-based authentication for REST.
Resolution
The correct format for querying in this method is the following.
curl -X GET 'url' -H "Cookie:AWSALB=[cookie value]; JSESSIONID=[cookie value];"
For example,
curl -X GET 'https://getsupport.atlassian.com/rest/api/2/issue/fake-issue' -H "Cookie:AWSALB=AD879D3912AEFE25B8593E6BA58B7FA4501A4E70C0F6150AC773568513B44E10BC0E7134A23BEB5E258411A4BBD92E1E180ABFB791DD634D921F70FA0A736815F636F29BB693D3B6B96D4DB7921760B570C7509077; JESSIONID= 3EEA0827F60EF36A230E32BE0912345A;"