Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Jira ServiceDesk Approval API

I'm trying to develop some automation to approve ServiceDesk tickets from Slack using Workato. I'm referencing the documentation on ServiceDesk API here:\{issueIdOrKey}/approval-getApprovals

We have Workato connected to our development instance of Jira Server using basic authentication to a service account. When I try to use the ServiceDesk API above to approve a ticket, it gives the following response

"errorMessage": "You don't have approve permission.",
"i18nErrorMessage": {
"i18nKey": "sd.approval.error.approve.permission",
"parameters": []

Which makes sense, because the service account isn't the approver. How can we allow the service account to approve on behalf of the approver?

1 answer

1 accepted

1 vote
Answer accepted

I was walked through a way to do this by authenticating with OAuth 1.0 

How did you do it? I'm getting the same error even through OAuth.

@Albus Dumbledore , are you including the user_id parameter in requests? Also, are you using this same approval API? Have you successfully tested impersonating a user with a different API call? 

@Will Balson , we are trying to resolve the similar issue. Can you please provide me the details of authentication you did if it is from workato or Jira and steps to achieve this.

@Niharika Sarabu , at a high level, what we did was:

  • Generate keys and set up Oauth app in Jira as described in Atlassian's Oauth documentation:
  • Each time I want to call the ServiceDesk API for an approval, I first call a Python script I wrote which calculates the credentials from the keys
  • When calling the Servicedesk API, those oauth credentials are passed in the approval request, along with the user_id parameter for the user
Like Steffen Opel _Utoolity_ likes this

@Will Balson , Thanks for your response.

Can you share the script and also explain from where do you call the script, is it in workato or Jira?

Here is a rough version of our scrip -

Sorry for the 3rd party link, this community site rudely strips out all of my indentations when I try to paste

There are two components needed in Workato. First you need to configure Workato's on-prem agent to point to the script. You can learn more about that here:

The second piece is a recipe in Workato. I have a simple callable recipe (or "function" recipe), which takes as input the URL, method, body, data, and parameters. This recipe's only job is to take the URL, method, body, and data, pass it along to the script, and then spit out the credentials.

So from my approval recipe, for example, in one recipe step I'm calling that function recipe first to get the credentials, and then in the next recipe step I'm using those credentials to call ServiceDesk to perform the approval

Please carefully review the script and make sure you proofread, understand, and customize it before implementing in your environment!

Sure!! Thanks for the details & script.

Hello @Will Balson ,

Can you please share anonymized call you perform for the "get credentials" step?

I am a bit confused because can guess only part of arguments passed here )

url = sys.argv[2]
= sys.argv[1]
= sys.argv[3]
params = ast.literal_eval(sys.argv[4])

I suspect URL stands for one of following URLs:

request_token_url = 'http://localhost:8090/jira/plugins/servlet/oauth/request-token'
access_token_url = 'http://localhost:8090/jira/plugins/servlet/oauth/access-token'
authorize_url = 'http://localhost:8090/jira/plugins/servlet/oauth/authorize'

method - POST?

And data with params left me without options to guess :)

Any information will be appreciated,

Thank you.

Sure thing Oleg!

URL - The script is providing Oauth credentials for an API call, so this is the API endpoint that needs to be called. So it will be something like

Method - yep, this is GET, or POST, or DELETE, or PUT. Whatever the appropriate one is based on the method and what needs to be done

Data - often, this will be empty, if the API call is simply a GET for an issue. If you are dealing with Editing an issue, this will be a JSON of which fields are being updated. If you are adding a comment, it will be a JSON of the text you'd like to add as a comment.

Params - special options which control how the API call works. If the Application Link in your Jira is configured to "Allow user impersonation through 2-Legged OAuth" in the "incoming authentication" section, this is where you will specify user_id to perform that action on behalf of a user. If the API endpoint is search, I believe this is where you can specify which fields are returned, how many issues are returned, etc.

Below is an example of what it looks like when my bot is approving a ServiceDesk ticket on behalf of a user


data: {"decision": "approve"},

method: POST,

params: {'user_id': 'john'},





Happy to provide anything else if that's still not clear!

Like Oleg Pechkovskiy likes this

The documentation for the parameters and data body structures for each API call for Jira are here (for jira version 8.20) -

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events