So there is this GET endpoint https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-users/#api-rest-api-3-user-email-bulk-get which works by putting in the url the account Ids of which you want the email returned like so /rest/api/3/user/email/bulk?${queryString}, queryString is “accountId=123&accountId=456” but the problem is that the route function is mandatory to use and it encodes the “=” and “&” characters which basically makes the URL BROKEN ! So tell atlassian devs, how to use this broken API ??
Hi @PetarDanadzhiev ,
The route function protects your app from XSS and XSRF vulnerabilities by ensuring that unsanitized user input cannot generate malicious URLs. Any string substitution is automatically URL encoded for safety reasons.
A solution to your problem would be to use the URLSearchParams type to structure your query parameter values. For example:
const accountIds = ["123", "456"];
const queryParams = new URLSearchParams();
accountIds.forEach((val) => queryParams.append('accountId', val));
const resp = await api.asApp().requestJira(route`/rest/api/3/user/email/bulk?${queryParams}`);
Alternatively, if the account ID values are trusted and are not susceptible to tampering by users, you can instead use the assumeTrustedRoute function in @forge/api:
api.asApp().requestJira(assumeTrustedRoute(`/rest/api/3/user/email/bulk?${queryString}`));
Both approaches are documented here: requestJira#usage
2 Likes