Zephyr Squad Server REST API

Zephyr Squad Server exposes its data via a built-in REST API which lets you access the data programmatically and build your own integrations. You can use the API to:

  • Get information about projects, releases, tests, and execution cycles.

  • Create new tests and test execution cycles.

  • Update tests and test execution status.

  • Add attachments to existing execution cycles.

For example, you can build an integration that would create a test in a separate tool or system and add it to Zephyr Squad, or create a test execution cycle and update the status of a test execution run after it has been executed in an automation tool.


The API is available out of the box since v. 5.6.0 and 4.5.0. In earlier versions of Zephyr Squad Server, access to the API was provided by an additional plugin, ZAPI, which has since been retired. Customers using those earlier versions need to upgrade Zephyr Squad Server to continue using the API.

Base URL

The base URL for API calls is:




latest is an alias for 1.0, so these URLs are equivalent to each other.

{JIRA-BASE-URL} is the base URL of your Jira Server. Note that this URL may include additional components (also called context path) after the host name. This depends on the settings of your Jira instance. For example:

Jira URL

Context path

Zephyr Squad Server API base URL



JSON format

The API uses JSON as the data format for most requests and responses. POST and PUT requests containing a JSON request body must include the Content-Type header:

Content-Type: application/json


All requests to the Zephyr Squad API must be authenticated. The API supports the same authentication methods as Jira Server itself:

You must use one of these methods in your API requests.

Also, note that the authenticated user must have the appropriate permissions to perform the desired operations.

Personal access tokens

Jira Server v. 8.14 and later support personal access tokens that allow client applications to impersonate a user without providing the user’s actual password. The token must be sent in the Authorization request header as follows:

Basic Authentication

The API supports Basic authentication using a Jira Server username and password. Send the username and password as a Base64-encoded string in the Authorization header:

For details, see Basic authentication in the Jira Server documentation.

Cookie-based authentication

This method uses HTTP cookies to authenticate requests and maintain session information.

The first thing you need to do is to get a session cookie. To do this, send a POST request to Jira Server’s /rest/auth/1/session endpoint:

If the username and password are valid, you will get a 200 OK response with the Set-Cookie header containing a cookie named JSESSIONID:

Set-Cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F; Path=/; HttpOnly

You need to send this cookie in the Cookie header in subsequent requests. For example:

For details, see Cookie-based authentication in the Jira Server documentation.

OAuth 1.0 authentication

See OAuth in the Jira Server documentation to learn how to authenticate API calls using OAuth.


The complete API reference is available at:



The reference also contains code examples for cURL, Node.js, Python, C#, Java, and many other languages.

How to

Follow these links to know how to perform typical operations with Zephyr Squad Server API:

go.gifGet IDs

go.gifCreate a test

go.gifAdd steps to a test

go.gifCreate test cycles

go.gifAdd folders to a cycle

go.gifAdd tests to a cycle

go.gifGet test execution properties

go.gifUpdate test step status

go.gifUpdate test execution status

Got questions?

Visit the Zephyr Squad Community to ask questions or search for existing solutions.

See Also

Terms and Concepts

Publication date: