Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Unable to access users/search API from Atlassian Connect app


We've got an Atlassian Connect app for Jira Cloud. When we install the app into a Jira Cloud instance, we want to be able to call the users/search API on behalf of the app. However, when we try, our call to users/search fails with an HTTP 403 (Forbidden).

The API documentation indicates that users/search requires the "Browse users and groups global permission". However, it's not clear how to grant this permission to an Atlassian Connect app. The app descriptor for an Atlassian Connect app is controlled by scopes. Our Connect app declares the READ scope. It's not clear how the scopes relate to global permissions.

Is there something I can do to make the Atlassian Connect app authorized to call the users/search API? Is there something I can do to the Connect app descriptor file to grant the app the "Browse users and groups" global permission?

1 comment

DPKJ Community Leader Nov 21, 2019

@Matt KleinI think you are using wrong application scope.

  • READ scope implies that you can call READ (i.e.) request from your application in front-end. By using AP.request in JS API.
  • If you want to call from your application (i.e. back-end) on behalf of some user you will need to set, 'ACT_AS_USER' scope.

Oh thanks, looks promising! I'll give that a try.

Thanks again for the suggestion. I've been experimenting with that but I still can't get my Atlassian Connect app to successfully call the users/search API. When I use the ACT_AS_USER scope, which user is the Connect app acting as? And how do I assign whatever user that is the global permission "Browse users and groups" that seems to be required?

I see that there's apparently a built-in group called "atlassian-addons-admin", so I suspected that might be the user the Atlassian Connect app is acting as, but even after I've granted that group the "Browse users and groups" global permission, I still get an HTTP 403 (Forbidden) when I call the users/search API.


Log in or Sign up to comment

Atlassian Community Events