Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

User Management API (Cloud) - Unable to access

Barbara Covington
Barbara Covington April 5, 2022

I've been turning myself inside out trying to access the User Management API for Jira Cloud.

I'm using Google Apps Script, following instructions from here: https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-get

I have both org and site admin permissions.  I am using an API Token that I generated from here.https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis/

I run many scripts on the regular public rest API, with no problem. https://api.atlassian.net/rest/api/2/

I get 403 messages with this error "OAuth 2.0 is not enabled for method: GET"

Note that because I'm desperate, I have tried with both just the API token (no org ID), and with the org ID (with the org ID, I get a 404)

I have also tried Basic auth, but as we all know, that's been deprecated.

 

Here's my code:

function getMgmtPermTest(){

   var url = "https://api.atlassian.net/users/xxx.../manage";
   var orgId = "123..."
   var apiToken = "123..."

   var encCred = Utilities.base64Encode(orgId +":"+ apiToken);

   var params = {  
      method:"GET",
      contentType:'application/json',
      headers:{Authorization:"Bearer "+ apiToken}, // 403
    //headers:{Authorization:"Bearer "+ encCred}, // 404
   };

   var response = UrlFetchApp.fetch(url, params);
   Logger.log(response.getResponseCode());

}

 

Answer
Watch
Like Be the first to like this
945 views

2 answers

1 accepted

0 votes
Answer accepted
Ivan Lima
Ivan Lima
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 7, 2022

My two cents:

I'm not familiar with google script, but the only bit I can spot that could fix it is the URL you're using ".net", which should be ".com". And you should use Bearer + API token, as you mentioned. However, if you're getting 403 forbidden as a response, it's correct; you need to verify your domain to manage an account.

View More Comments
Barbara Covington
Barbara Covington April 8, 2022

Thank you Ivan!  You are correct!  That's what I was doing wrong!

Like
Reply
0 votes
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 5, 2022

Hello, @Barbara Covington 

I can confirm that we have an app that works with these APIs using admin token, specifically https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-profile-get

I can see that we are not even setting the Content-Type, but are setting the Authorization header.

The app is in Java

        HttpRequestBase req = new RequestBuilder()
                .setUrl(String.format("https://api.atlassian.com/users/" + accountId +"/manage/profile"))
                .setHeader("Authorization", "Bearer " + apiKey)
                .get()
                .build();
        HttpResponse response = null;
        try {
            response = client.execute(req);
        } catch (IOException  e) {
            req.releaseConnection();
            log.error("Failed getting user profile", e);
        }

 

I will assume that the quotes around Authorization in the headers array are not required in Javascript (?) syntax?

Shooting in the dark, based on the above, I'd be removing content type and putting Authorization into double quotes.

The API you've linked to does describe 403 response (at the bottom under cURL example code)

You are authenticated but have no permission to manage the target user.

It also lists the responses that should come in JSON body – is this where you are getting your "OAuth 2.0 is not enabled for method: GET" or does that come as a non-JSON response? If it's non-JSON I would think your Bearer token hasn't been passed correctly. If it's JSON – I have a feeling this means you as an org admin can't manage this account (but the user themselves would).

In the end, this might be better answered in https://community.developer.atlassian.com/

View More Comments
Barbara Covington
Barbara Covington April 6, 2022

Thanks for your quick response Ed.  Alas, I have already tried the things you mention to no effect.  The error message isn't in Json... perhaps you're right and I haven't passed the token correctly... but it should be simple and I've tried everything I can think of.

I'll try try the developer community as well... and I think I'll take a stab at doing it in Java too.  Will let you (and anyone following this thread) know how it works out.

Thanks!

Like
Barbara Covington
Barbara Covington April 7, 2022

I've tried this with cURL too, exactly as indicated in the instructions, and get the same error.  I've submitted a ticket, because there may be some issue with my company's instance of Jira. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events