A webservice I’ve written takes information from a web form and uses it to create tickets in the Jira ServiceDesk. The form allows for the entry of an emailAddress for Reporter/Assignee. I make a call to the jira rest api v2 with something like:
https://.atlassian.net/rest/api/2/user/search?query=&maxResults=1000
And this gives me all the users that can access or have been made under this instance. ~300 users. The result set that comes back, which looks similar to this:
[
{
"self": "https://dcimarketing.atlassian.net/rest/api/2/user?accountId=##############",
"key": "<someUserKey>",
"accountId": "<someAccountId>",
"accountType": "atlassian",
"name": "<someUserName>",
"emailAddress": "someaddress@email.com",
"avatarUrls": {...},
"displayName": "<DisplayName>",
"active": true,
"timeZone": "America/Chicago",
"locale": "en_US"
},
now when calling this service, ~124 users come back with:
[
{
...
"emailAddress": "",
...
},
I’ve noticed this changed depending on the account I used, but when mirroring the permissions of both accounts, I still get plenty of users without an email address. I had an admin user look under global settings and temporarily change from “Show to Logged in Users” to “Public”, but no observable change was seen.
I suspect a recent change with the API is the cause for this, but I’ve been unable to find it so far. Can anyone explain what’s going on here?
Hi @RobertoGuerrido ,
The changes you are seeing relate to our deprecation of certain APIs to provide improved user privacy.
The email address is a private account field which is why it is now blank.
3 Likes
Thank you for the quick response!
Is this a situation where I would have to apply for an exemption to get the emails of my users, or is that gone entirely?
Hi @RobertoGuerrido,
Possibly, although just be aware that by being granted access to email addresses, the fields in the responses you listed will still not be populated with the email addresses. Instead, you will have to call a new API to retrieve the email address for a specific account ID.
You may like to start at https://community.developer.atlassian.com/t/guidelines-for-requesting-access-to-email-address/27603.
Hi Dugald Morrow,
Is there any reason to not update the existing GET /rest/api/3/user (the same applies for issues object responses - reporter, assignee…) to retrieve all the fields which the user has permission to see it? Instead creating a new endpoint to retrieve only an email by an account id.
Following the logic of creating new services to retrieve only a specific field, it will be quite complicated to manage this from an App developer view. I’m saying this because it’s expected to have the same configuration for other fields - locale, timezone an so on.
Kind regards,
Paulo Alves.
Hi @paulo.alves,
I understand your point of view and can appreciate the current API is not ideal. I am not on the Jira or Confluence team, but implementing it the way you describe is likely more complicated.
Regards,
Dugald
1 Like
Hi Dugald Morrow,
Thank you for your response.
The displayName field available on some REST APIs (/api/3/issue/{issueIdOrKey} for example) will depend also on the privacy settings. Is there any specific API to get the displayName as we have for the email, or should we be able to get the displayName from GET /rest/api/3/user?
Thank you.
Kind regards,
Paulo Alves.
Hi @paulo.alves,
There’s no specific REST resource providing a user’s display name like there is for email.
Regards,
Dugald