The authentication is based on Jira's REST API authentication, so you can use HTTP basic authentication using some user credentials.
Jira 8.14 introduced the concept of Personal Access Tokens, which Xray takes advantage of. These tokens can be created in the user's profile section in Jira and have an expiration date; they can also be revoked at any moment (more information here).
To use them in Jira's and in Xray REST API calls, we need to use the HTTP header "Authorization" with the "Bearer <token>" value.
It is also possible to use OAuth (see more information here).
Version and URI
The Xray REST API has 2 versions: v1.0 and v2.0. New versions of the API are created whenever there are breaking changes that can have a big impact on current integrations.
The URIs for resources have the following structure:
Note that the latest version of the Xray REST API is version 2.0. All endpoints from version 1.0 are available in version 2.0 unless they have been deprecated and removed intentionally.
You can also use "
<latest>" as the API version. This will default to the latest version that is v2.0.
Check out the documentation for each version: