We started development of a ticket type app for a client of ours.
This app is using the jira rest api.
Now we want to add comments to an issue, but we want to add te comment as a specific user.
Is there any way you can set the author accountId to a specific accountId?
I’m trying by setting the following data for author along with the body of the comment, but it doesn’t seem to be setting the author.
accountId: <accountId for user>
Is this something we just can’t do with the api, or am I doing something wrong?
Welcome to the Atlassian developer community @RikdeGraaf,
It’s not you. It’s the API. The author of a comment is the user associated with the auth token.
Hi @RikdeGraaf ,
An alternate form of @ibuchanan’s response is that your request to the API will need to impersonate the user adding the comment. There are several types of authentication and ways to make impersonated API calls.
For Connect apps, see this guide if you are calling the API from your service or otherwise call the API using AP.request to make an impersonated request from your app’s frontend embedded within Jira.
If your app used OAuth 2.0 (3LO) for authentication, see this guide. All OAuth 2.0 (3LO) API requests impersonate users.
I understand that the author is the user associated with the auth token. But you are saying that there is no way to change the author of a comment to somebody else than me (the user with the auth token)?
I’m using basic auth at the moment, is there any way I can do it using that method?
Hi @RikdeGraaf ,
With basic auth, the reporter will always be that of the account corresponding to the credentials used. There’s no way to override this through the API.
If the request is made in the context of user interactions, then I would recommend changing the app to be either an OAuth 2.0 (3LO) app or a Forge app. If the request is not made in the context of user interactions, then I would recommend changing the app to a Connect app since unlike the other forms of impersonation, Connect’s user impersonation will work outside the context of user interactions.
I was looking at the guide you posted for OAuth 2.0, saying that those request impersonate users.
I’m unsure how that is the case, as ibuchanan said, the bearer token (access_token in my case)used links to the user associated with the initial Auth flow request.
Is there a UUID or something that gets sent with the comment that can change that?