Skip to content
Latchkey

Jira REST "403 Forbidden" (permission scheme) in CI

A 403 means Jira knows who you are but the authenticated account is not granted the permission the request needs, such as Create Issues or Transition Issues in that project permission scheme.

What this error means

The Jira API returns HTTP 403 for an action (create, transition, comment) while a read like /myself succeeds, proving auth works but access does not.

Jira REST
HTTP/1.1 403 Forbidden
{"errorMessages":["You do not have permission to create issues in this project."],"errors":{}}

Common causes

The service account lacks a project permission

The account authenticates but the project permission scheme does not grant it the specific permission (Create, Transition, Add Comments) the call performs.

The account is not in a role the scheme allows

Permission schemes often grant by project role. If the CI account is not in the granted role or group, otherwise valid calls return 403.

How to fix it

Grant the account the required permission

  1. Open Project settings, Permissions, and read which scheme applies.
  2. Add the CI account (or its group/role) to the permission the call needs.
  3. Re-run the step to confirm the 403 is gone.

Confirm the exact permission with the API

Ask Jira which permissions the account holds for the project so you grant the right one instead of guessing.

Terminal
curl -sf -u "$JIRA_EMAIL:$JIRA_API_TOKEN" \
  "https://your-domain.atlassian.net/rest/api/3/mypermissions?projectKey=ABC"

How to prevent it

  • Use a dedicated CI service account with least-privilege project grants.
  • Add that account to the roles the permission scheme grants.
  • Verify permissions with /rest/api/3/mypermissions in a smoke test.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →