Using service accounts within an automation to lookup information not available natively within the automation

Jira Development Jira Cloud
,
1

I am trying to create a Jira automation the uses a service account to look up the members of a group via a REST endpoint (i.e., api.atlassian.com /admin/v1/orgs/{ORG_ID}/groups/{GROUP_ID}/members) using the “Send Web Request”

I am receiving the following error when trying to validate the automation: Failed with status: 401
Response: {“code”:401,“message”:“Unauthorized”}, which I believe to be an issue with the scope. I have tried both OAuth bearer and Basic api token access and get the same results/errors.

Below is the scope set for my script:

SCOPES

Read
read:group:jira
read:group:confluence
read:user-configuration:jira
read:user:confluence
read:user:jira
read:user.columns:jira
read:user.property:confluence
read:user.property:jira

My questions are:

  1. Is there a native way within Jira automations to look this data up and store it for use later in the automation?

  2. Can /admin/v1/orgs/{ORG_ID}/groups/{GROUP_ID}/members be accessed by a service account?

  3. Are there missing scopes that would allow a service account to retrieve group memberships?

  4. Can service accounts be used within jira automations to lookup information?

Thanks in advance

2

To use the Organizations REST API you need to supply an organization API key rather than an API token.

More info: https://developer.atlassian.com/cloud/admin/organization/rest/intro/#auth

On a side note, is that even a real endpoint? I don’t see it listed in the docs.

3

In support of what @rcsr said, I also can’t find any Org Admin API endpoint with the path

https://api.atlassian.com/admin/v1/orgs/{ORG_ID}/groups/{GROUP_ID}/members

Can you provide a link to the documentation you are referencing that describes this endpoint you are using and the OAuth 2.0 scopes it requires?

Are you sure you’re not confusing Groups managed at the Organisation level with Groups that are managed within Jira itself, and are managed via Jira’s Groups endpoints?

Also, you said you were using a Send Web Request action in Jira Automation to submit the request. Is it a GET or POST request type?

4

Thanks for the replies and I can see where I caused the confusion. I am basing my endpoint from two pieces of Atlassian documentation:

3.2 Construct the request URL and REST API v3 - Get users from group

As I understand it, the service account cannot interact directly with your SITE but is required to go through the api.atlassian.gateway. I would provide an example of how I constructed the URL but new users are limited to 2 URL’s per posting.

In the end, what I am trying to do is have an automation rule create sub tasks for each member of a group and assign it to the user by matching the group name associated to the parent work item from where the automation is triggered. I haven’t been able to find a feature/function in the automation framework to do this natively so I thought that I could try one of two things:

  1. I could try to use the “Send web request” and get the group membership and use this to create the sub-tasks

  2. Maintain this list outside of the automation and have the automation prompt the user to provide the names of users to create the sub-tasks.

5

Hello @JeffWimberley

Although @rcsr answered your question first, I’ll finish it on their behalf

I am basing my endpoint from two pieces of Atlassian documentation:

Yes, so the endpoint URL you want is constructed from those two pieces of information:

https://api.atlassian.com/ex/jira/{cloudid}/rest/api/3/group/member

That is the endpoint URL you would use to send requests to manage Users in Groups in Jira using a Service Account that uses OAuth with the scopes described in the second piece of documentation.

The endpoint URL you had previously constructed was some sort of “Frankenstein’s monster” of one third OAuth / one third Basic Auth / one third Organizations API endpoint that didn’t exist :grinning_face:

If you need more specific information about how to construct Send Request automation actions, the Jira Questions of the public Atlassian Community forum is where that topic is discussed.

Have fun!

1 Like