Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Problem with Python + API_KEY + Add user to group

Good time of day!
Please help to understand the request to add a user to the desired group.

We use the cloud version of Atlassian. And we use the request by:
url = "https://<mycompanyname>

I can't figure it out by myself and write a request.
I do it according to this instruction
In the "Add user to group" section

I'm creating a token at
I'm putting it in the Bearer: "<access_token>

in "accountId": I specify the user Id.

Where do I specify the desired group?

Or in "accountId": should I specify the group Id? Then where do I specify the user name to add it?

Please help us with this question. For a few days now, I've been tormented, I can't find a working variant.

I need to add a specific user to a specific group using python. Please tell me how best to do it, where to find the right, working example?


He keeps coming back:

"Returned if the authentication credentials are incorrect or missing from the request. 401"


"message": "Client must be authenticated to access this resource.",
"status-code": 401


Hi Konstantin,

The documentation can be a bit misleading. Unless you are using OAUTH,

Bearer: <access_token>

is not what you want to use. I suggest you try using HTTP Basic Auth, as explained here:

Hope that helps,



P.S. A similar issue came up the other and thanks to Dario Bonotto, there already is a request to have the documentation fixed.

Like Konstantin Belenko likes this

Okay. Okay. Thank you.
But how do I write a request?
Where do I enter the group and user IDs?
Could you give an example of how to use it?
If possible, it is desirable to use python =)

I tried to write from the link as an example, but the script refuses to work. API toke took from



Ah, sorry I missed that part of the question. Two more changes should get you going. 

First, it has to be a POST request instead of GET. Rule of thumb here is: GET request will always just get some information, POST requests change things.

Second, the group name has to be part of the URL. The documentation says so, but the examples do not really show this. 

My Python is a bit rusty, but the following should get you going, just replace YOUR_AUTH, YOUR_GROUP and ACCOUNT_ID:

import requests
import json

url = ""

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json",
   "Authorization" : "Basic YOUR_AUTH"

payload = json.dumps( {
  "accountId": "ACCOUNT_ID"
} )

response = requests.request(

print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))
Like Konstantin Belenko likes this

I'm trying to follow your recommendation by filling out
YOUR_GROUP = confluence-users (default group)
YOUR_AUTH = "Basic <API Token>
ACCOUNT_ID = respectively

Now the page returns me an error (401)


Please, I need your help :)


Could it be a wrong request to url?
I'm trying to change it to groupid/group_id, but it gives the same 401 :(

<title>Unauthorized (401)</title>

I noticed if you remove the "Authorization" line: "Basic <Api Key>" That error 401 changes to:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>


Hi Konstantin,

did you base64-encode your e-mail:API-token pair? Simply copying the token into place should fail.

Alternatively you could try by adding your e-mail and API-token directly to the URL, although that always seemed messy to me. Anyway, that would look like this:


url = ""

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json"
Like Konstantin Belenko likes this

"did you base64-encode your e-mail:API-token pair?

I'm not sure what you mean.
Probably not. I create a token and copy it in place of <API Token>. I haven't seen any coding information, can you tell me more? Maybe that's it?

Alas, but this request did not help. The script crashes with an error:


OMG, it was all about the encoding. I wasn't doing the right thing and I misread the instructions you sent me. I encoded the e-mail separately, and I needed the whole line of e-mail:API-token.
I apologize for my stupidity. I'm just learning :)
Thank you. Everything works. After all, the code looks like this:

import requests
import json

url = "<GroupeName>"

headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic <e-mail:API-token in Base-64 encoding>"

payload = json.dumps( {
"accountId": "<userId>"
} )

response = requests.request(


I have one more request for you.
Can I add a user by e-mail or by their name instead of their ID?

Happy to hear that it's working for you now!

If I remember correctly, you can either use the accountId or the username. However, the preferred way is the accountId, because of privacy concerns, see also here:

Like Konstantin Belenko likes this

Yeah, I understand that this is a moment of safety.
The thing is that we have a script to create an account, and the only parameter I can extract is Login or email.
And here we come across the pitfalls again.

payload = json.dumps( {
"emailAddress": "<userEmail>" # Or "username": "<login>"
} )


"errorMessages": [
"Specified user does not exist or you do not have required permissions"
"errors": {}

I can extract userid from the GET request.
But the request gives out a lot of other information. And I haven't yet figured out how to extract only userId from it and write it into a variable for further use.

Only way I could think of is first retrieving the accountId for each user using the '/rest/api/3/user' resource and then using that accountId to add the user to the group.

That's an extra step for each user, but I do not think there is a way around this.

Like Konstantin Belenko likes this


Log in or Sign up to comment

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you