Jira REST API Audit Logs: AssociatedItems Name Field Shows IDs Instead of User Names

Nihar Markana _C_ December 9, 2024

 

Hi Team,

We are using the REST API: [link] to collect the Audit Logs of Jira Cloud.

During data collection, we noticed that some events (e.g., "User added to group," "User removed from group," etc.) include IDs in the name field of the associatedItems field instead of the actual names of the users on whom the actions were performed.

 

{
"id": 123456,
"summary": "User removed from group",
"created": "2024-12-09T06:24:37.645+0000",
"category": "group management",
"eventSource": "",
"objectItem": {
"name": "new-group",
"typeName": "GROUP",
"parentId": "2",
"parentName": "com.atlassian.crowd.directory.IdentityPlatformRemoteDirectory"
},
"associatedItems": [
{
"id": "ug:123ec4f5-a678-912b-34d5-6788123e4ada",
"name": "ug:123ec4f5-a678-912b-34d5-6788123e4ada",
"typeName": "USER",
"parentId": "1",
"parentName": "IDP Directory"
}
]
}

Is there any possible solution to retrieve the actual name in the raw event itself, instead of the ID in the name field, while collecting the audit log through the mentioned API?

1 answer

0 votes
Luiz Ricardo Pereira da Silva
Contributor
January 15, 2025

Hello @Nihar Markana _C_,

The REST API for these events will indeed return only the IDs, with the action's author being the only one returned by name.
As a workaround, consider adding the IDs to variables, if possible.

If the goal of these events, such as adding a user to a group, is to identify the user, this variable will help you perform another REST API call:

 

https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-users/#api-rest-api-3-user-get

 

Using the result from the first REST API call, you can retrieve additional user details, such as names or other relevant information.

Let me know if this approach helps or if you have any questions—feel free to reach out!

Best regards,

Nihar Markana _C_ January 16, 2025

Hi @Luiz Ricardo Pereira da Silva , Thanks for taking this up.

We can use the mentioned API as a 2nd REST call, but the problem with that is we are not receiving the accountID in audit logs every time. for example it might contains the authorKey (i.e, ug:123ec4f5-a678-912b-34d5-6788123e4ada) which is deprecated from the Jira. 

"associatedItems": [
{
"id""ug:123ec4f5-a678-912b-34d5-6788123e4ada",
"name""ug:123ec4f5-a678-912b-34d5-6788123e4ada",
"typeName""USER",
"parentId""1",
"parentName""IDP Directory"
}
]

So how can we get the user details with the user authorKey instead of the user accountID ?
Nihar Markana _C_ January 27, 2025

Hi @Luiz Ricardo Pereira da Silva  Do we have any updates on this ?

Nihar Markana _C_ February 18, 2025

Hi @Luiz Ricardo Pereira da Silva  Do we have any updates on this ?

Luiz Ricardo Pereira da Silva
Contributor
February 25, 2025

Hello, I apologize for the delay.
Unfortunately, some records in the audit log do not include the AccountId, and the author key has indeed been discontinued.
I'm not sure if this will help, but I created a Python script that, in addition to scanning all users, also identifies the AccountId related to the author key in other audit logs.
If the AccountId is not found in that session, the script will look for it in other sessions where the same user appears, performing a comparison by the author key.
If it still can't find it, the result will be returned as "unknown."
This isn't the solution, but it's the closest approach I could find to assist you.
I hope it works for most of the sessions.

import json
import requests
import base64

# Authentication configuration
JIRA_USER = "your_email" # Replace with the correct user
JIRA_TOKEN = "your_token" # Replace with the correct token
AUTH_HEADER = base64.b64encode(f"{JIRA_USER}:{JIRA_TOKEN}".encode()).decode()

# Function to get user by authorKey
def get_user_by_authorKey(authorKey):
JIRA_USER_URL = f"you_domainrest/api/3/user?key={authorKey}"
HEADERS = {
"Authorization": f"Basic {AUTH_HEADER}",
"Accept": "application/json"
}
response = requests.get(JIRA_USER_URL, headers=HEADERS)
if response.status_code == 200:
return response.json().get("accountId", "Unknown")
return "Unknown"

# Function to extract users from the audit JSON
def get_user_from_audit(audit_json):
users = []

for record in audit_json.get("records", []):
user_info = {
"event_id": record.get("id"),
"summary": record.get("summary"),
"accountId": None,
"authorKey": None,
"user": "Unknown"
}

# First, try to get the accountId directly
if "authorAccountId" in record:
user_info["accountId"] = record["authorAccountId"]
user_info["user"] = record["authorAccountId"]

# If not found, try to get the authorKey
elif "authorKey" in record:
user_info["authorKey"] = record["authorKey"]
user_info["user"] = record["authorKey"]

# If still not found, check in associatedItems
if not user_info["accountId"]:
for item in record.get("associatedItems", []):
if item.get("typeName") == "USER":
user_info["authorKey"] = item.get("id")
user_info["user"] = item.get("name")
break

# If the user is still "Unknown", try to fetch it from the API
if user_info["user"] == "Unknown" and user_info["authorKey"]:
user_info["user"] = get_user_by_authorKey(user_info["authorKey"])

users.append(user_info)

return users

# API request configuration
JIRA_URL = "you_domainrest/api/3/auditing/record"
HEADERS = {
"Authorization": f"Basic {AUTH_HEADER}",
"Accept": "application/json"
}

# Making the request
response = requests.get(JIRA_URL, headers=HEADERS)
if response.status_code == 200:
auditing_json = response.json()
users_extracted = get_user_from_audit(auditing_json)
print(json.dumps(users_extracted, indent=4))
else:
print(f"Request failed: {response.status_code} - {response.text}")

Best regards,

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events