A member of confluence-administrators receiving empty email string in API Response

shwetagulati February 24, 2022

With the User Email Visibility setting set to site administrators, a user from the group confluence-administrators is not able to see the email.

API called - {{BaseUrl}}/rest/mobile/1.0/profile/nop
Response - 

{
    "userName": "nop",
    "fullName": "nop",
    "avatarUrl": "/images/icons/profilepics/default.svg",
    "url": "/display/nop",
    "email": "",
    "userPreferences": {
        "watchOwnContent": true
    },
    "unknownUser": false,
    "about": "",
    "anonymous": false
}




1 answer

0 votes
Thiago Masutti
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 24, 2022

Hi @shwetagulati 
I hope you are well.

This is the expected behavior for the User email visibility when set to only visible to site administrators.

The API you are using is for internal use only (meaning it is used by internal Confluence operations) and might be used to show information on the UI (when accessing Confluence through a mobile device).

That means the result of that API shouldn't disclose the email address even for a Confluence administrator.
For administrators, the email of a user should be shown only on the View User admin page.

The ability to manage users through a REST API is an open feature reported on CONFSERVER-56205.
Therefore, there won't be a public, supported API to display users' emails in the above scenario.

Kind regards,
Thiago Masutti

shwetagulati February 24, 2022

Hi @Thiago Masutti, thank you so much for the response. Can you point us to the documentation of this API - {{BaseUrl}}/rest/mobile/1.0/profile/<username>? We have seen cases in one of our Confluence instances where this API returns 401 for a user who has only view access for certain spaces in Confluence, whereas in another instance the API never returns 401; it's just that the email depends on the User Email Visibility setting. We want to check what permissions/control knobs are required for this API.

Thiago Masutti
Atlassian Team
February 25, 2022

Hi @shwetagulati 

Since this is an internal API, it isn't published in the Confluence REST API Documentation and isn't supported by the Atlassian REST API policy.

The 401 HTTP Status may indicate something wrong with the user authentication method, not with the internal authorization logic of the backend (that would be a 403 status).

If that's happening only with a user (or a few users) on a specific instance, then it might be on how the user is triggering that request.

This user could test accessing the API through the browser, after a regular authentication, to see if that gives any error.

If the issue still occurs even on a browser, then I would recommend creating a support request.

Kind regards,
Thiago Masutti
