Integration with Jira Cloud/Server - Atlassian has depreciated use of passwords

According to Atlassian:

The deprecation period for this functionality has ended. From June 3rd, 2019, we will be progressively disabling the usage of this authentication method.

If you are using a REST endpoint in Jira with basic authentication, update your app or integration to use API token

Atlassian has introduced support for API tokens for all Atlassian Cloud sites as a replacement for basic authentication requests that previously used a password or primary credential for an Atlassian account, as well as cookie-based authentication.

Basic authentication with passwords and cookie-based authentication are now deprecated and will be removed in 2019 in accordance with the Atlassian REST API policy.

What is changing?

If you currently rely on a script, integration, or application that makes requests to Jira Cloud with basic or cookie-based authentication, you should update it to use basic authentication with an API token, OAuth, or Atlassian Connect as soon as possible.

Learn more about creating API tokens.

Why is Atlassian making this change?

Using primary account credentials like passwords outside of Atlassian's secure login screens creates security risks for our customers. API tokens allow users to generate unique one-off tokens for each app or integration that can be easily revoked if needed.

Furthermore, as customers adopt features like two-factor authentication and SAML, passwords may not work in all cases. API tokens have been specifically designed as an alternative for Atlassian accounts in organizations that are using these features.

Which APIs and methods will be restricted?

For the following APIs and pages, all requests using basic authentication with a non-API token credential will return 401 ( Unauthorized) after the deprecation period:

• Jira Cloud public REST API
• Jira Software public REST API
• Jira Service Desk public REST API
• All Jira Cloud web pages

For more information, please refer to the Atlassian article:

https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-basic-auth-and-cookie-based-auth/

What does this mean for me?

When you connect SpiraTest, SpiraTeam, or SpiraPlan with Jira Cloud using our data synchronization system, you will need to connect using:

• Jira URL (e.g. https://mycompany.atlassian.net)
• Jira login (e.g. fredbloggs@mycompany.com)
• Jira API Key (see this article for creating a Jira API Token)

Update - this change now affects Jira server as well.

I still can't connect, what do I do?

If you have entered your correct details as described above but are still having problems connecting to Jira please try the following steps. These cut out SpiraPlan completely. Instead they directly test your access  to Jira's APIs.

1. Go to: https://reqbin.com/curl
2. This will let you paste in a command to run an API call from the browser directly to Jira.
3. Paste in the text below into the box on the left - make sure to change the parts in "< >" with your actual data.
4. Click RUN
5. This gets all the Jira projects you have access to and shows them in a code friendly form (JSON)
6. On the right hand side you should see the results.
7. If you can connect fine then the right hand side should say "200 OK" and you will see text in the box on the right. Take a scan - you should some lines that start with "name: " or "key: " and then have text after that matches up with projects you know in Jira. 
8. If you do not see "200 OK" on the right hand side then your Jira authentication is not working. You need to talk to your Jira admin or support

curl --request GET \
  --url 'https://<YOUR DOMAIN>.atlassian.net/rest/api/3/project/search' \
  --user '<USERNAME>:<API KEY>' \
  --header 'Accept: application/json'