Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,560,236
Community Members
 
Community Events
185
Community Groups

Problem with Python + API_KEY + Add user to group

Good time of day!
Please help to understand the request to add a user to the desired group.

We use the cloud version of Atlassian. And we use the request by:
url = "https://<mycompanyname>.atlassian.net/rest/api/2/group/user

I can't figure it out by myself and write a request.
I do it according to this instruction https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-group-user-post
In the "Add user to group" section

I'm creating a token at https://id.atlassian.com/manage/api-tokens
I'm putting it in the Bearer: "<access_token>

in "accountId": I specify the user Id.

Where do I specify the desired group?

Or in "accountId": should I specify the group Id? Then where do I specify the user name to add it?

Please help us with this question. For a few days now, I've been tormented, I can't find a working variant.

I need to add a specific user to a specific group using python. Please tell me how best to do it, where to find the right, working example?

 

He keeps coming back:

"Returned if the authentication credentials are incorrect or missing from the request. 401"

or

"message": "Client must be authenticated to access this resource.",
"status-code": 401

2 comments

Oliver Siebenmarck _Polymetis Apps_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jul 04, 2019

Hi Konstantin,

The documentation can be a bit misleading. Unless you are using OAUTH,

Bearer: <access_token>

is not what you want to use. I suggest you try using HTTP Basic Auth, as explained here: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-basic-authentication/

Hope that helps,

 Oliver

 

P.S. A similar issue came up the other and thanks to Dario Bonotto, there already is a request to have the documentation fixed.

Like Konstantin Belenko likes this

Okay. Okay. Thank you.
But how do I write a request?
Where do I enter the group and user IDs?
Could you give an example of how to use it?
If possible, it is desirable to use python =)

I tried to write from the link as an example, but the script refuses to work. API toke took from https://id.atlassian.com/manage/api-tokens

 

photo_2019-07-04_18-32-10.jpg

Oliver Siebenmarck _Polymetis Apps_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jul 04, 2019

Ah, sorry I missed that part of the question. Two more changes should get you going. 

First, it has to be a POST request instead of GET. Rule of thumb here is: GET request will always just get some information, POST requests change things.

Second, the group name has to be part of the URL. The documentation says so, but the examples do not really show this. 

My Python is a bit rusty, but the following should get you going, just replace YOUR_AUTH, YOUR_GROUP and ACCOUNT_ID:

import requests
import json

url = "https://innovecs.atlassian.net/rest/api/2/group/user?groupname=YOUR_GROUP"

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json",
   "Authorization" : "Basic YOUR_AUTH"
}

payload = json.dumps( {
  "accountId": "ACCOUNT_ID"
} )

response = requests.request(
   "POST",
   url,
   data=payload,
   headers=headers
)

print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))
Like Konstantin Belenko likes this

I'm trying to follow your recommendation by filling out
YOUR_GROUP = confluence-users (default group)
YOUR_AUTH = "Basic <API Token>
ACCOUNT_ID = respectively

Now the page returns me an error (401)

 

Please, I need your help :)

 

Could it be a wrong request to url?
I'm trying to change it to groupid/group_id, but it gives the same 401 :(

<title>Unauthorized (401)</title>


I noticed if you remove the "Authorization" line: "Basic <Api Key>" That error 401 changes to:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>

 

Oliver Siebenmarck _Polymetis Apps_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jul 05, 2019

Hi Konstantin,

did you base64-encode your e-mail:API-token pair? Simply copying the token into place should fail.

Alternatively you could try by adding your e-mail and API-token directly to the URL, although that always seemed messy to me. Anyway, that would look like this:

 

url = "https://YOUREMAIL:API-TOKEN@innovecs.atlassian.net/rest/api/2/group/user?groupname=YOUR_GROUP"

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json"
}
Like Konstantin Belenko likes this

"did you base64-encode your e-mail:API-token pair?

I'm not sure what you mean.
Probably not. I create a token and copy it in place of <API Token>. I haven't seen any coding information, can you tell me more? Maybe that's it?

Alas, but this request did not help. The script crashes with an error:

photo_2019-07-05_11-29-27.jpg

OMG, it was all about the encoding. I wasn't doing the right thing and I misread the instructions you sent me. I encoded the e-mail separately, and I needed the whole line of e-mail:API-token.
I apologize for my stupidity. I'm just learning :)
Thank you. Everything works. After all, the code looks like this:

import requests
import json

url = "https://innovecs.atlassian.net/rest/api/2/group/user?groupname=<GroupeName>"

headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic <e-mail:API-token in Base-64 encoding>"
}

payload = json.dumps( {
"accountId": "<userId>"
} )

response = requests.request(
"POST",
url,
data=payload,
headers=headers
)

print(response.text)


I have one more request for you.
Can I add a user by e-mail or by their name instead of their ID?

Oliver Siebenmarck _Polymetis Apps_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jul 05, 2019

Happy to hear that it's working for you now!

If I remember correctly, you can either use the accountId or the username. However, the preferred way is the accountId, because of privacy concerns, see also here: https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-user-privacy-api-migration-guide/

Like Konstantin Belenko likes this

Yeah, I understand that this is a moment of safety.
The thing is that we have a script to create an account, and the only parameter I can extract is Login or email.
And here we come across the pitfalls again.

payload = json.dumps( {
"emailAddress": "<userEmail>" # Or "username": "<login>"
} )

shows:

{
"errorMessages": [
"Specified user does not exist or you do not have required permissions"
],
"errors": {}
}

I can extract userid from the GET request.
But the request gives out a lot of other information. And I haven't yet figured out how to extract only userId from it and write it into a variable for further use.

Oliver Siebenmarck _Polymetis Apps_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jul 05, 2019

Only way I could think of is first retrieving the accountId for each user using the '/rest/api/3/user' resource and then using that accountId to add the user to the group.

That's an extra step for each user, but I do not think there is a way around this.

Like Konstantin Belenko likes this

Comment

Log in or Sign up to comment