Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Unable to access users/search API from Atlassian Connect app


We've got an Atlassian Connect app for Jira Cloud. When we install the app into a Jira Cloud instance, we want to be able to call the users/search API on behalf of the app. However, when we try, our call to users/search fails with an HTTP 403 (Forbidden).

The API documentation indicates that users/search requires the "Browse users and groups global permission". However, it's not clear how to grant this permission to an Atlassian Connect app. The app descriptor for an Atlassian Connect app is controlled by scopes. Our Connect app declares the READ scope. It's not clear how the scopes relate to global permissions.

Is there something I can do to make the Atlassian Connect app authorized to call the users/search API? Is there something I can do to the Connect app descriptor file to grant the app the "Browse users and groups" global permission?


Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Nov 21, 2019

@Matt KleinI think you are using wrong application scope.

  • READ scope implies that you can call READ (i.e.) request from your application in front-end. By using AP.request in JS API.
  • If you want to call from your application (i.e. back-end) on behalf of some user you will need to set, 'ACT_AS_USER' scope.

Oh thanks, looks promising! I'll give that a try.

Thanks again for the suggestion. I've been experimenting with that but I still can't get my Atlassian Connect app to successfully call the users/search API. When I use the ACT_AS_USER scope, which user is the Connect app acting as? And how do I assign whatever user that is the global permission "Browse users and groups" that seems to be required?

I see that there's apparently a built-in group called "atlassian-addons-admin", so I suspected that might be the user the Atlassian Connect app is acting as, but even after I've granted that group the "Browse users and groups" global permission, I still get an HTTP 403 (Forbidden) when I call the users/search API.

Hi, did you ever resolve this? I am fighting with the same...


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events