Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Unable to access users/search API from Atlassian Connect app

Edited
Matt Klein
Matt Klein Nov 21, 2019

We've got an Atlassian Connect app for Jira Cloud. When we install the app into a Jira Cloud instance, we want to be able to call the users/search API on behalf of the app. However, when we try, our call to users/search fails with an HTTP 403 (Forbidden).

The API documentation indicates that users/search requires the "Browse users and groups global permission". However, it's not clear how to grant this permission to an Atlassian Connect app. The app descriptor for an Atlassian Connect app is controlled by scopes. Our Connect app declares the READ scope. It's not clear how the scopes relate to global permissions.

Is there something I can do to make the Atlassian Connect app authorized to call the users/search API? Is there something I can do to the Connect app descriptor file to grant the app the "Browse users and groups" global permission?

Comment
Watch
Like Be the first to like this
916 views

2 comments

DPKJ
DPKJ
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Nov 21, 2019

@Matt KleinI think you are using wrong application scope.

  • READ scope implies that you can call READ (i.e.) request from your application in front-end. By using AP.request in JS API.
  • If you want to call from your application (i.e. back-end) on behalf of some user you will need to set, 'ACT_AS_USER' scope.
Like
Matt Klein
Matt Klein Nov 22, 2019

Oh thanks, looks promising! I'll give that a try.

Like
Matt Klein
Matt Klein Nov 22, 2019

Thanks again for the suggestion. I've been experimenting with that but I still can't get my Atlassian Connect app to successfully call the users/search API. When I use the ACT_AS_USER scope, which user is the Connect app acting as? And how do I assign whatever user that is the global permission "Browse users and groups" that seems to be required?

I see that there's apparently a built-in group called "atlassian-addons-admin", so I suspected that might be the user the Atlassian Connect app is acting as, but even after I've granted that group the "Browse users and groups" global permission, I still get an HTTP 403 (Forbidden) when I call the users/search API.

Like
Reply
Radovan Vacek
Radovan Vacek Aug 16, 2023

Hi, did you ever resolve this? I am fighting with the same...

Like
Reply

Comment

Log in or Sign up to comment
Jira Core
Jira Core Server
TAGS
AUG Leaders

Atlassian Community Events

See all events