Using the rest api via javascript, how to authenticate?


I am using the rest api to extract data on a intranet. I use the $.post(youTrackLoginUrl, { login: "user", password: "pass" });.

But that only creates the session, not the cookie it self. How can I extract the value in Set-Cookie to use in my $.ajax? I use xhrFields and withCredentials also.

As of now I get forbidden all the time, if I check the response from the login it is OK, and the session is created.

The tracker is on and the intranet is on

I have checked the allow origins in the rest settings in the dashboard.


Some additional info about the response headers and the request headers can be found here :
Permanently deleted user
Hello, jinxen!
Could you please provide a place in your code, where you are setting "withCredentials" flag?
Also, there is an example of using YouTrack rest api from JavaScript, it may be useful for you:
Is there any example of the usage of youtrack.js?
Permanently deleted user
Yes, it's in the same project -
It was generally created as example of using REST from javascript.
To answer your original question.

var youTrackUrl = "" + projectName + "/issues?max=1000000";
var youTrackLoginUrl = "";

$.post(youTrackLoginUrl, { login: "user", password: "pass" }); // login is ok from this

// this gives me forbidden, and I can see that tha cookie is not created from the first post.
            url: youTrackUrl,
            xhrFields: {
withCredentials: true
            success: function (data) {
            // parses the xml to json...

If I check in FireBug, I can see that I recieve two cookies from the post, but only one seems to be created (session).
Hi Anna,

I was able to get the request to work from the youtrack.js example. Though IE 7-9 does not support CORS it does only work in chrome and FF so far, in IE Access is denied.

Is there anyway to change the request datatype to JSONP to work around this?
Permanently deleted user
I'm sorry, we only support xml and json as response type.
Is there any way to get around the CORS support to make it work in IE?
Permanently deleted user
Jinxen, did you enable in IE Access data source across domain in Security settings -> Miscellaneous?

Is there any similar example that exists on how to use the modern OAuth 2.0 (token based) authentication model? I have tried a few times to get it to working, but can't seem to figure it out. The only way I have been able to access the REST API is to do it by using the old-school cookie-based method, which is not ideal for my application.

The notice at the top of the page reads: 

API method described in this section have been deprecated. Instead of relying on cookie-based authorization, scripts or other clients should be adapted to Hub OAuth 2.0 auth instead.

All YouTrack REST methods support this token-based authorization (see Hub Oauth 2.0 documentation), thus you will not need to maintain both schemes once migrated.


Please sign in to leave a comment.