Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unable to access users/search API from Atlassian Connect app Edited

We've got an Atlassian Connect app for Jira Cloud. When we install the app into a Jira Cloud instance, we want to be able to call the users/search API on behalf of the app. However, when we try, our call to users/search fails with an HTTP 403 (Forbidden).

The API documentation indicates that users/search requires the "Browse users and groups global permission". However, it's not clear how to grant this permission to an Atlassian Connect app. The app descriptor for an Atlassian Connect app is controlled by scopes. Our Connect app declares the READ scope. It's not clear how the scopes relate to global permissions.

Is there something I can do to make the Atlassian Connect app authorized to call the users/search API? Is there something I can do to the Connect app descriptor file to grant the app the "Browse users and groups" global permission?

1 comment

DPK J Community Leader Nov 21, 2019

@Matt KleinI think you are using wrong application scope.

  • READ scope implies that you can call READ (i.e.) request from your application in front-end. By using AP.request in JS API.
  • If you want to call from your application (i.e. back-end) on behalf of some user you will need to set, 'ACT_AS_USER' scope.

Oh thanks, looks promising! I'll give that a try.

Thanks again for the suggestion. I've been experimenting with that but I still can't get my Atlassian Connect app to successfully call the users/search API. When I use the ACT_AS_USER scope, which user is the Connect app acting as? And how do I assign whatever user that is the global permission "Browse users and groups" that seems to be required?

I see that there's apparently a built-in group called "atlassian-addons-admin", so I suspected that might be the user the Atlassian Connect app is acting as, but even after I've granted that group the "Browse users and groups" global permission, I still get an HTTP 403 (Forbidden) when I call the users/search API.


Log in or Sign up to comment
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

299 views 9 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you