403 Forbidden response in user management API to disable a user in Jira cloud

Joel Cook March 24, 2020

I'm using the user management REST api in Jira cloud. The POST request is as follows:

https://api.atlassian.com/users/{{userid}}/manage/lifecycle/disable

(where {{userid}} is the Jira id of the user I want to disable)

I'm using Bearer Token authorization with a valid Admin token.

I'm trying to test this in Postman.

Every time I run it, I get a 403 Forbidden response. The full body of the response is:

{
    "key""forbidden",
    "context""Error: Caller must be an org admin of targeted account or be the targeted account",
    "errorKey""forbidden",
    "errorDetail""Error: Caller must be an org admin of targeted account or be the targeted account"
}

However, I am an org & site admin:

Also noteworthy: in the UI, when I generate the admin key and click "Done", the UI gives me a message "Something went wrong; try again later."

 

1 answer

0 votes
Hazwan Ariffin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 24, 2020

Hey Joel,

For UM rest API, you would need to get the token from https://admin.atlassian.com/o/<orgid>/admin-api.

Basically go to https://admin.atlassian.com/ > Settings > API key. Generate the token and use that token to run the call. That should work.

Let me know how it goes

Joel Cook March 25, 2020

I actually did use that link to generate the API token. When it gets to the https://admin.atlassian.com/o/<orgid>/admin-api link, I get the UI error.

Jira Admin API Error.PNG

Hazwan Ariffin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 30, 2020

I was having the same issue before. I tested again this morning, and the page seems to be loading now. Have a look and try to generate a new API, and use it for your call. 

See if you're still hitting the 403 error.

Joel Cook March 31, 2020

Thanks for the response. The UI errors are gone now (good!) but even after generating a new key, I still get the 403-Forbidden response. I've opened a ticket with Jira support for them to look into it.

Sara Davatelis April 27, 2020

I'm having the same issue right now. Was support able to resolve? 

Joel Cook April 30, 2020

Yes (I believe). The issue is that we have not "verified our domain". This is a request that will have to be handled by our system administrators, so I don't have the final status on the API working or not, but I feel very confident this is going to fix the problem.

Scott R June 22, 2020

I have a Token from the link above and why using the API call I get errors:     

"key": "forbidden",    

"context": "Error: Caller must be an org admin of targeted account or be the targeted account",

"errorKey": "forbidden",    

"errorDetail": "Error: Caller must be an org admin of targeted account or be the targeted account"

 

I see that no one from Atlassian has answered this problem for some time.. Looks like it was submitted in March.

Harry Bob
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 2, 2020

I'm having the same issue on our end. However I have verified my domain so not sure why.

 

Any suggestions?

Perrine HUVETEAU April 22, 2021

Same issue here.
i'm using the right org token, i'm an org admin with a verified domain.
The API is working fine for other api call such as org id, or user for org.

But i'm having a "Caller must be an org admin of targeted account or be the targeted account" when trying to disable a user.

Is there something else i'm missing ? 

Shahin Mohammadkhani May 3, 2021

I'm having the same issues. our scripts suddenly stopped working. this is causing a huge problem in our user management at the moment. and now generating new API keys dont allow me make API calls.

Prakash Ganeshan May 27, 2021

There is a open ticket with Atlassian, looks like unverified accounts won't be able to update using API :(

https://jira.atlassian.com/browse/ID-7677

Suggest an answer

Log in or Sign up to answer