Fastest way to check whether the user is admin from app backend

Hi @paulo.alves. Have you found a solution?
This allows for privilege escalation, where a user can get the token from an administrator and make a call to the endpoint without being an administrator using postman or similar.

Hi @jerry.laster,
We are checking the user permissions for every single service using the Atlassian REST API.
Paulo Alves.

1 Like

Hi @paulo.alves ,
Which service are you using?