I am getting the following error while trying to trigger Jenkins job from any REST Client

Authentication required

     <!-- You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't):
hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
    </body> </html>

The request is getting triggered while using curl from terminal

I am using the following syntax

http://user:apiToken@jenkins.yourcompany.com/job/your_job/build?token=TOKEN [ref :https://wiki.jenkins-ci.org/display/JENKINS/Authenticating+scripted+clients]

ie. curl -X POST http://user:apiToken@jenkins.yourcompany.com/job/your_job/build?token=TOKEN

Check this "This build is parameterized " , select the credentials parameter from drop down. Use this

curl -X POST http://jenkins.rtcamp.com/job/Snapbox/buildWithParameters --user "username:password"

It solved my authentication problem.

I hope it will help others too.

My development team's configuration settings were matrix-based security so I had to find my group and give my group workspace access.

1.Click on Manage Jenkins .   
2.Click on Configure Global Security .  
3.in matrix-based security change: 

Overall - Read   
Job - Build  
Job - Read   
Job - Workspace  

Then

    POST jobUrl/buildWithParameters HTTP/1.1
    Host: user:token
    Authorization: Basic dWdlbmxpazo4elhjdmJuTQ==
    Cache-Control: no-cache
    Content-Type: application/x-www-form-urlencoded

    Branch=develop

For me

https://user:password@jenkins.mycompany.org/job/job_name/build?token=my_token

in https://jenkins.mycompany.org/configureSecurity

disable CORS

hope this help

I provided header Authorization parameter with value : BASIC base_64encoded(username:password) and it worked fine.

Authorization Basic bmltbWljdjpqZX*********

Try using the -u parameter to specify the credentials:

curl -u user:apiToken -X POST http://jenkins.yourcompany.com/job/your_job/build?token=TOKEN

Simply disable "CSRF Protection" in the global Security Options, because those URLs don't send post data identification.