Problem with Python + API_KEY + Add user to group

Good time of day!
Please help to understand the request to add a user to the desired group.

We use the cloud version of Atlassian. And we use the request by:
url = "https://<mycompanyname>.atlassian.net/rest/api/2/group/user

I can't figure it out by myself and write a request.
I do it according to this instruction https://developer.atlassian.com/cloud/jira/platform/rest/v2/#api-rest-api-2-group-user-post
In the "Add user to group" section

I'm creating a token at https://id.atlassian.com/manage/api-tokens
I'm putting it in the Bearer: "<access_token>

in "accountId": I specify the user Id.

Where do I specify the desired group?

Or in "accountId": should I specify the group Id? Then where do I specify the user name to add it?

Please help us with this question. For a few days now, I've been tormented, I can't find a working variant.

I need to add a specific user to a specific group using python. Please tell me how best to do it, where to find the right, working example?

He keeps coming back:

"Returned if the authentication credentials are incorrect or missing from the request. 401"

"message": "Client must be authenticated to access this resource.",
"status-code": 401

2 comments

Comment

Hi Konstantin,

The documentation can be a bit misleading. Unless you are using OAUTH,

Bearer: <access_token>

is not what you want to use. I suggest you try using HTTP Basic Auth, as explained here: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-basic-authentication/

Hope that helps,

Oliver

P.S. A similar issue came up the other and thanks to Dario Bonotto, there already is a request to have the documentation fixed.

Like • Konstantin Belenko likes this

Okay. Okay. Thank you.
But how do I write a request?
Where do I enter the group and user IDs?
Could you give an example of how to use it?
If possible, it is desirable to use python =)

I tried to write from the link as an example, but the script refuses to work. API toke took from https://id.atlassian.com/manage/api-tokens

Ah, sorry I missed that part of the question. Two more changes should get you going.

First, it has to be a POST request instead of GET. Rule of thumb here is: GET request will always just get some information, POST requests change things.

Second, the group name has to be part of the URL. The documentation says so, but the examples do not really show this.

My Python is a bit rusty, but the following should get you going, just replace YOUR_AUTH, YOUR_GROUP and ACCOUNT_ID:

import requests
import json

url = "https://innovecs.atlassian.net/rest/api/2/group/user?groupname=YOUR_GROUP"

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json",
   "Authorization" : "Basic YOUR_AUTH"
}

payload = json.dumps( {
  "accountId": "ACCOUNT_ID"
} )

response = requests.request(
   "POST",
   url,
   data=payload,
   headers=headers
)

print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))

Like • Konstantin Belenko likes this

I'm trying to follow your recommendation by filling out
YOUR_GROUP = confluence-users (default group)
YOUR_AUTH = "Basic <API Token>
ACCOUNT_ID = respectively

Now the page returns me an error (401)

Please, I need your help :)

Could it be a wrong request to url?
I'm trying to change it to groupid/group_id, but it gives the same 401 :(

<title>Unauthorized (401)</title>

I noticed if you remove the "Authorization" line: "Basic <Api Key>" That error 401 changes to:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>

Hi Konstantin,

did you base64-encode your e-mail:API-token pair? Simply copying the token into place should fail.

Alternatively you could try by adding your e-mail and API-token directly to the URL, although that always seemed messy to me. Anyway, that would look like this:

url = "https://YOUREMAIL:API-TOKEN@innovecs.atlassian.net/rest/api/2/group/user?groupname=YOUR_GROUP"

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json"
}

Like • Konstantin Belenko likes this

"did you base64-encode your e-mail:API-token pair?"

I'm not sure what you mean.
Probably not. I create a token and copy it in place of <API Token>. I haven't seen any coding information, can you tell me more? Maybe that's it?

Alas, but this request did not help. The script crashes with an error:

OMG, it was all about the encoding. I wasn't doing the right thing and I misread the instructions you sent me. I encoded the e-mail separately, and I needed the whole line of e-mail:API-token.
I apologize for my stupidity. I'm just learning :)
Thank you. Everything works. After all, the code looks like this:

import requests
import json

url = "https://innovecs.atlassian.net/rest/api/2/group/user?groupname=<GroupeName>"

headers = {
   "Accept": "application/json",
   "Content-Type": "application/json",
   "Authorization": "Basic <e-mail:API-token in Base-64 encoding>"
}

payload = json.dumps( {
  "accountId": "<userId>"
} )

response = requests.request(
   "POST",
   url,
   data=payload,
   headers=headers
)

print(response.text)

Like • Oliver Siebenmarck _Polymetis Apps_ likes this

I have one more request for you.
Can I add a user by e-mail or by their name instead of their ID?

Happy to hear that it's working for you now!

If I remember correctly, you can either use the accountId or the username. However, the preferred way is the accountId, because of privacy concerns, see also here: https://developer.atlassian.com/cloud/jira/platform/deprecation-notice-user-privacy-api-migration-guide/

Like • Konstantin Belenko likes this

Yeah, I understand that this is a moment of safety.
The thing is that we have a script to create an account, and the only parameter I can extract is Login or email.
And here we come across the pitfalls again.

payload = json.dumps( {
  "emailAddress": "<userEmail>" # Or "username": "<login>"
} )

shows:

{
"errorMessages": [
"Specified user does not exist or you do not have required permissions"
],
"errors": {}
}

I can extract userid from the GET request.
But the request gives out a lot of other information. And I haven't yet figured out how to extract only userId from it and write it into a variable for further use.

Only way I could think of is first retrieving the accountId for each user using the '/rest/api/3/user' resource and then using that accountId to add the user to the group.

That's an extra step for each user, but I do not think there is a way around this.

Like • Konstantin Belenko likes this

Recommended Learning For You

Level up your skills with Atlassian learning

Learning Path

Jira Administrator

Configure Jira Software, Jira Core, or Jira Service Management, including global settings, permissions, and schemes.

12.7h Advanced

Path

Managing Jira Projects Cloud

Learn to create and configure company-managed projects in Jira Software and partner effectively with Jira Admins.

4h Intermediate

On Demand

Learning Path

Become an effective Jira Software Project Admin

This learning path is designed for team leaders who configure Jira Software projects to match a team's processes.

Intermediate

Free

Was this helpful?

Thanks!

Jira Cloud Admins

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Problem with Python + API_KEY + Add user to group

2 comments

Comment

Was this helpful?

Thanks!

TAGS

Atlassian Community Events