403 getting User Avatar images from Atlassian Connect

Hi, is it possible to use Atlassian Connect to retrieve Avatars ?

We don’t have any other issue accessing other API endpoints with ACE (user, email, etc), but trying to access /aa-avatar/5c20e93c9760f569b6277f51 always return a 403. We also tried with wiki/aa-avatar/5c20e93c9760f569b6277f51 with the same result.

The avatars work perfectly when retrieving them via browser and logged into the Confluence instance.

Thanks and regards,

I’m not sure about that endpoint you’re using.

I think the right approach would be to call the user and get the profile picture that way.

https://developer.atlassian.com/cloud/confluence/rest/api-group-users/#api-api-user-get

with the new Profile visibility controls that users now have a profile photo may be inaccessible due to their settings.

https://developer.atlassian.com/cloud/confluence/profile-visibility/

Hi Ralph, how are you ?

We are retrieving the Avatar url from the user endpoint, but we want the image itself instead of an url. When we try to retrieve it using the addon request, we get that 403.

Example: The get user gives us this URL: "/wiki/aa-avatar/557058:4596849b-4c51-4c1d-8d58-715af50c9627"
But what we want is to retrieve the image, so we use the addon to query that url giving a 403 as a result.

Hi @regosdevstudio,

Please be aware that user avatars are a form of personal data so if your app downloads and store them then it will need to declare this in its Marketplace listing and also implement the reporting detailed in User privacy guide for app developers.

Regards,
Dugald

This makes it sound like the 403 is by design.

Hi, thank you both for the answers.

We are not storing anything, we only want to show the user avatar (if they have it enabled on the settings) in an email notifications from our addon. So our first idea was to retrieve the image url with the ACE.

If we can not do it this way, do you have an approach on how to do that ?

Thanks,

Hi @regosdevstudio,

I had assumed you were trying to download the actual image data. There’s no privacy issue if you are just embedding the avatar URL in your email.

Regards,
Dugald

Thanks Dugald, the problem with embedding the image url directly in the email is that if he is not logged to the instance he will not be able to see the image.

@rwhitbeck Might this issue be related to https://ecosystem.atlassian.net/servicedesk/customer/portal/14/DEVHELP-4578 ?
The issue is private, but it is about Confluence pdf export and avatar images no visible in the pdf export.

Hi, do you have any ideas on that ?

Thanks !