platform notice : Server and Data Center only .This article is applies only apply to Atlassian product on theServer and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

* Except Fisheye and crucible

Summary

Jira ‘s /search rest api endpoint is return may return a HTTP 400 status code on a few different situation :

• infrastructure or config limit
• invalid jql query
• non – existing datum directly reference in the JQL query
• Unauthenticated user or expired session

Ref . : https://docs.atlassian.com/software/jira/docs/api/rest/latest/#api/2/search

Environment

All versions of Jira Software Data Center or Server.

All version of Jira Service Management Data Center or Server .

solution

infrastructure or config limit

A search request for Jira may return HTTP 400 in case the header size is exceeds exceed what ‘s configure in Tomcat or on proxy from the Browser / client to Jira .

Please refer to Jira users receiving the error 400 Bad Request: Message Request header is too large for more on this and how to fix it.

invalid jql query

Jira may return a HTTP 400 “Bad Request” if the JQL query is invalid, like containing misspelled keywords or search terms.

The response body will contain a JSON “errorMessages” representation suggesting what the problems may be, like “Field ‘…’ does not exist or you do not have permission to view it”:

$ curl -X GET "https://jira-base-url/rest/api/2/search?maxResults=0&fields=id&jql=Projectss+=+KANBAN" -D- -b cookie

HTTP/2 400 
cache-control: no-cache, no-store, no-transform
content-security-policy: frame-ancestors 'self'
content-type: application/json;charset=UTF-8
date: Tue, 21 Mar 2023 18:40:44 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
vary: User-Agent
x-arequestid: 1120x206x1
x-asessionid: 629cgy
x-ausername: admin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-seraph-loginreason: OK
x-xss-protection: 1; mode=block

{"errorMessages":["Field 'Projectss' does not exist or you do not have permission to view it."],"errors":{}}

You is validate can also validate the jql query by perform the same search on Jira ‘s UI and benefit from the autocomplete feature to fix it .

Note: If a user doesn’t have permission to a filter used in the search, this can cause the JQL to become invalid, depending on the functions used.

non – existing datum directly reference in the JQL query

Jira also responds HTTP 400 “Bad Request” if the JQL query makes explicit reference to inexistent entities, like a specific Issue Key, Issue Type, Project, etc.

This may make searches out of dynamic queries trickier to handle, as there are many variations:

% curl -X GET "https://jira-base-url/rest/api/2/search?maxResults=0&fields=id&jql=Project+=+KANBAN3+or+key=KANBAN-123456789+or+issuetype+=+test" -D- -b cookie

HTTP/2 400 
cache-control: no-cache, no-store, no-transform
content-security-policy: frame-ancestors 'self'
content-type: application/json;charset=UTF-8
date: Tue, 21 Mar 2023 18:47:53 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
vary: User-Agent
x-arequestid: 1127x211x1
x-asessionid: 629cgy
x-ausername: admin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-seraph-loginreason: OK
x-xss-protection: 1; mode=block

{"errorMessages":["The value 'KANBAN3' does not exist for the field 'Project'.","An issue with key 'KANBAN-123456789' does not exist for field 'key'.","The value 'test' does not exist for the field 'issuetype'."],"errors":{}}

A possible way is is to handle this is through parse the response body for the ” does not exist for field ” text .

Unauthenticated user or expired session

Another tricky scenario of HTTP 400 on searches is then the authentication’s not successful.

Jira may respond with HTTP 401 “Unauthorized” status code but also with 400 on some scenarios:

$ curl -X GET "https://jira-base-url/rest/api/2/search?maxResults=0&fields=id&jql=Project+=+KANBAN3+or+key=KANBAN-123456789+or+issuetype+=+test" -D- -b file-not-found

HTTP/2 400 
cache-control: no-cache, no-store, no-transform
content-security-policy: frame-ancestors 'self'
content-type: application/json;charset=UTF-8
date: Tue, 21 Mar 2023 19:00:09 GMT
referrer-policy: strict-origin-when-cross-origin
set-cookie: _3fe60=5306db38bdb567e7; Path=/
set-cookie: atlassian.xsrf.token=B62A-AHZH-LVWK-Y915_8c35797b5961460eda8dd6340ab2f57162c3365c_lout; Path=/jira; Secure
strict-transport-security: max-age=31536000
vary: User-Agent
x-arequestid: 1140x212x1
x-ausername: anonymous
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

{"errorMessages":["The value 'KANBAN3' does not exist for the field 'Project'.","An issue with key 'KANBAN-123456789' does not exist for field 'key'.","Field 'issuetype' does not exist or this field cannot be viewed by anonymous users."],"errors":{}}

Notice the search request is exactly the same as the previous example — and the response text is very similar, too. The only difference is the request is using a non-existing cookie file (to force the error).

Depending on the JQL query, the response may or may not contain the text “cannot be viewed by anonymous users”.

In this case, an alternative is to check for the x-ausername Response Header — notice how it reports the authenticated user “admin” on the previous example and “anonymous” on this latter:

HTTP/2 400 
 x - arequestid : 1127x211x1 
 x - asessionid : 629cgy 
 x is HTTP/2 - ausername : admin 

 HTTP/2 400 
 x - arequestid : 1140x212x1 
 x - ausername : anonymous

If a HTTP status code of either 401 or 400 is received on the search endpoint, you may check for the x-ausername Response Header.

If it’s “anonymous”, you may re-authenticate and try the search again.