Help Needed with Confluence Cloud Page Restriction Script

Hi everyone,

I’m trying to set restrictions on a Confluence Cloud page for a specific user using a Python script. However, I keep encountering an error that I can’t seem to resolve.

Here’s the error message I receive:

Error code: 400. {"statusCode":400,"data":{"authorized":true,"valid":true,"errors":[],"successful": true},"message":"com.atlassian.confluence.api.service.exceptions.BadRequestException: either username or userKey or userAccountId should not be <null>"}

Below is the Python script I’m using:

import requests
import json

# Your base URL, page_id, operation, and user_name should be properly defined
url = f"{base_url}/content/{page_id}/restriction/byOperation/read/user"

# Payload with correct structure
payload = {
    "operation": "read",
    "restrictions": {
        "user": [
            {
                "accountId": "5b14f37ef485a92ece5a515d" # Ensure user_name contains a valid accountId
            }
        ]
    }
}

headers = {
    "Accept": "application/json",
    "Content-Type": "application/json"
}

response = requests.put(url, json=payload, auth=self.auth, headers=headers, verify=False)

if response.status_code == 200:
    print("Restrictions successfully updated.")
else:
    print(f"Error updating restrictions: {response.status_code}")
print(response. Text)

I’m fairly certain that the accountId is correct, so I’m not sure what’s causing the problem. Could someone point out what might be going wrong here? Any help would be greatly appreciated!

Thank you in advance for your assistance.

Best regards,
Maurizio

Welcome to the Atlassian developer community @MaurizioBattiston,

It’s an auth problem. Can you say more about how the client is constructing auth=self.auth? I realize you can’t share exactly the code without leaking your credentials. I assume you’re using HTTPBasicAuth('user', 'pass'). Did you use your email for user and an API token for pass?

Hi ibuchanan,
Thank you for your quick response!

Regarding the authentication, I’m using a tuple for auth as follows:

auth = (email, tokenCloud)
  • ‘email’ is the user’s email address.
  • ‘tokenCloud’ is the API token created from Atlassian account

This method works with the same auth in another function, where I retrieve pages from a space. Here’s a snippet for reference:

def get_space_pages(self, space_key):
    """
    Retrieve all pages from a specified space.
   
    :param space_key: str, the key of the Confluence space.
    :return: list, list of pages in the space.
    """
    pages = []
    start = 0
    limit = 50
    while True:
        url = f"{self.base_url}/content?spaceKey={space_key}&limit={limit}&start={start}"
        response = requests.get(url, auth=self.auth, verify=False)
        response.raise_for_status()
        data = response.json()
        pages.extend(data['results'])
        if 'next' in data['_links']:
            start += limit
        else:
            break
    return pages

So, it seems that the authentication works fine elsewhere. Do you think there could be something else that’s causing the issue in the restriction API call?

Thanks again for your help!

Best regards,
Maurizio Battiston

Hello @MaurizioBattiston

Can you please try with the request body containing just the accountId:

payload = {
    "accountId": "5b14f37ef485a92ece5a515d"
}

According to the documentation the accountId is a query parameter and there is no expected body at all.
So you should add it to the URL like this: ?accountId=5b14f37ef485a92ece5a515d

2 Likes

Hi sunnyape,
thanks for your suggestion.

I tried with the new payload, but unfortunately, the error remains the same:

{"statusCode":400,"data":{"authorized":true,"valid":true,"errors":[],"successful": true},"message":"com.atlassian.confluence.api.service.exceptions.BadRequestException: either username or userKey or userAccountId should not be <null>"}

It seems that the API is still not recognizing the accountId correctly, even though I’ve confirmed that it’s valid. Any further ideas on what might be causing this?

Thanks again for your help!

Best regards,
Maurizio

Hello @MaurizioBattiston

My mistake. What @t-bundt said is correct.

As described in the documentation, you supply the accountId as a request (path) parameter, not as a request body (payload) parameter.

Hi @t-bundt,

Thanks a lot for your help and for the documentation link! I didn’t realize the accountId should be in the URL as a query parameter. After adding it like your example, it worked perfectly. Thanks again!

Best regards,
Maurizio

1 Like