Blogging about this for my own reference as I spent quite a bit of time stuck by the issue checking scopes over and over again and not understanding why sometimes creating an issue via the Jira API via 3LO Authentication worked and others it didn’t

Below is the URL I was making an HTTP post to with the scopes read:jira-work and write:jira-work and getting a 401 error{cloudid}/rest/api/3/issue/

The solution is actually quite simple, remove the trailing slash!{cloudid}/rest/api/3/issue

And all of a sudden it works! I am guessing the Jira API sees the slash and believes its another API scope that you do not have access to.