One common problem with REST API access to Atlassian applications is dealing with authentication.
As a user, you've probably noticed this when, once in a while, you go to an Atlassian app and have to log in again. As a human, this situation is pretty easy to detect and fix. For something that is programmatically interacting with an application, it is much harder to detect! Imagine that you submit a query to JIRA and, instead of getting back 200 results, you get back only the 5 issues that anonymous users can see. Nothing obviously failed but you don't get the results you want.
To avoid this, Atlassian applications treat cookie expiration differently under the /rest URLs. If you submit an expired cookie to a REST resource under the /rest URL, you receive a 401 error response instead of silently being treated as an anonymous user. Thus, the REST application can resubmit credentials in this case.
Note that this behaviour does not apply, by default, to other parts of the system. This only affects /rest URLs.
However, some applications may want to replicate this behaviour across the entirely of the system. For instance, if you are performing some kind of screen-scraping you might like to have this happen everywhere.
You can trigger this behaviour by adding the os_authType query parameter in your URL. os_authType supports the following parameters and behaviour:
The server will return a 401 error response and perform an HTTP Basic Authentication challenge if no username and password is specified
The server will return a 401 error response if a valid cookie is not provided in the request
If a username and password are not specified and there is not valid cookie, the server will return a 401 error response