Jira REST "403 Forbidden" (permission scheme) in CI
A 403 means Jira knows who you are but the authenticated account is not granted the permission the request needs, such as Create Issues or Transition Issues in that project permission scheme.
What this error means
The Jira API returns HTTP 403 for an action (create, transition, comment) while a read like /myself succeeds, proving auth works but access does not.
HTTP/1.1 403 Forbidden
{"errorMessages":["You do not have permission to create issues in this project."],"errors":{}}Common causes
The service account lacks a project permission
The account authenticates but the project permission scheme does not grant it the specific permission (Create, Transition, Add Comments) the call performs.
The account is not in a role the scheme allows
Permission schemes often grant by project role. If the CI account is not in the granted role or group, otherwise valid calls return 403.
How to fix it
Grant the account the required permission
- Open Project settings, Permissions, and read which scheme applies.
- Add the CI account (or its group/role) to the permission the call needs.
- Re-run the step to confirm the 403 is gone.
Confirm the exact permission with the API
Ask Jira which permissions the account holds for the project so you grant the right one instead of guessing.
curl -sf -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
"https://your-domain.atlassian.net/rest/api/3/mypermissions?projectKey=ABC"How to prevent it
- Use a dedicated CI service account with least-privilege project grants.
- Add that account to the roles the permission scheme grants.
- Verify permissions with
/rest/api/3/mypermissionsin a smoke test.