How to search users using "/rest/api/3/user/search" as an app user

Jira Development Jira Cloud
, , ,
1

Hi,

I am using the API “/rest/api/3/user/search” to get the list of users in my atlassian-connect application. Currently, I am accessing the API using on behalf of a user ( Authorization with user impersonation ) but i want to access it via an app user ( Authorization via scopes and app users ). According to the Atlassian connect README, i am sending the request as:

addon.httpClient.get('/rest/api/3/user/search', function(err, res, body) { ... });

I have also defined the scope as “ADMIN” in atlassian-connect.json file but still unable to fetch any result and no users are returned. Is there anything i am missing with the request or permissions?

Thanks in advance.

2

Hi @ShubhamTyagi ,

Welcome to Atlassian Developer Community!

What specific error are you getting? If you’re getting this error

TypeError: addon.httpClient.get is not a function

Can you try doing it this way based on the ACE docs and check if you are able to get the response?

var httpClient = addon.httpClient(req);

httpClient.get('/rest/api/3/user/search?query=myQuery', function(err, res, body) { 
    console.log("body: ", body);
    ...
});

I tried using READ scope as well and it worked as expected.

Cheers,
Ian

3

Hi @ianRagudo,

Thanks for the response.

Currently my code consists of two functions:

var httpClient = addon.httpClient(req);
httpClient.get('/rest/api/3/user/search?query=&includeInactive=true', function(err, response, body) {
  console.log("user search ...");
  if(err)
    console.log(err);
  else {
    if(response.statusCode == 200){
      var json = JSON.parse(body);
      console.log(json);
    }
    else {
      console.log(response.statusCode);
    }
  }
});

httpClient.asUserByAccountId(req.context.userAccountId).get('/rest/api/3/user/search?query=&includeInactive=true', function(err, response, body) {
  console.log("user search using account id...");
  if(err)
    console.log(err);
  else {
    if(response.statusCode == 200){
      var json = JSON.parse(body);
      console.log(json);
    }
    else {
      console.log(response.statusCode);
    }
  }
});

The first function is the one i am accessing as an app user using the scope [“ADMIN”](tried with “READ” too as specified in docs) but still getting a null set as result.
The second function is on behalf of a user which is working as expected and giving the desired result(scope: [“ACT_AS_USER”])

I also accessed another API using authorization with app user and is working as expected.

var httpClient = addon.httpClient(req);
httpClient.get('/rest/api/3/project/search', function(err, response, body) {
  console.log("project search ...");
  if(err)
    console.log(err);
  else {
    if(response.statusCode == 200){
      var json = JSON.parse(body);
      console.log(json);
    }
  }
});

The above API is working for me.
In the docs, it is specified “Anonymous calls or calls by users without the required permission return empty search results.” under the API description. Does this relate to my query?
Also, my current “atlassian-connect-express” dependency version is 7.4.7.

Thanks again.

4

You’re welcome, @ShubhamTyagi .

Yes, the app user not having the Browse users and groups permission will result in an empty search result. In order to check if you have the right permissions, go to Settings > System > Global permissions (or hit . then type Global Permissions). Verify if permission has been granted to the group that your app is a part of.

To check the group your app user belongs to, you can run https://{yoursite}.atlassian.net/rest/api/3/user?accountId={appUserAccountId}&expand=groups. You can get your app’s account id from the result of your successful Get user search call.

Hope this helps.

1 Like
5

Thanks for the response again @ianRagudo

I was able to resolve the issue with the right permission. The Browse users and groups permission was not added for the group atlassian-addons-admins. Thanks for pointing it out.

This link might help others: Managing global permissions

Thanks,
Shubham

1 Like
6

Hi There

What exactly the “asUserByAccountId” does? adds a special HTTP header?

Thanks