I've been turning myself inside out trying to access the User Management API for Jira Cloud.

I'm using Google Apps Script, following instructions from here: https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-get

I have both org and site admin permissions.  I am using an API Token that I generated from here. https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis/

I run many scripts on the regular public rest API, with no problem. https://api.atlassian.net/rest/api/2/

I get 403 messages with this error "OAuth 2.0 is not enabled for method: GET"

Note that because I'm desperate, I have tried with both just the API token (no org ID), and with the org ID (with the org ID, I get a 404)

I have also tried Basic auth, but as we all know, that's been deprecated.

Here's my code:

function getMgmtPermTest(){

var url = " https://api.atlassian.net/users/xxx.../manage ";
var orgId = "123..."
var apiToken = "123..."

var encCred = Utilities.base64Encode(orgId +":"+ apiToken);

var params = {
method:"GET",
contentType:'application/json',
headers:{Authorization:"Bearer "+ apiToken}, // 403
//headers:{Authorization:"Bearer "+ encCred}, // 404
};

var response = UrlFetchApp.fetch(url, params);
Logger.log(response.getResponseCode());

}

My two cents:

I'm not familiar with google script, but the only bit I can spot that could fix it is the URL you're using " .net " , which should be " .com ". And you should use Bearer + API token, as you mentioned. However, if you're getting 403 forbidden as a response, it's correct; you need to verify your domain to manage an account.

Hello, @Barbara Covington

I can confirm that we have an app that works with these APIs using admin token, specifically https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-profile-get

I can see that we are not even setting the Content-Type, but are setting the Authorization header.

The app is in Java

        HttpRequestBase req = new RequestBuilder()
                .setUrl(String.format("https://api.atlassian.com/users/" + accountId +"/manage/profile"))
                .setHeader("Authorization", "Bearer " + apiKey)
                .get()
                .build();
        HttpResponse response = null;
        try {
            response = client.execute(req);
        } catch (IOException  e) {
            req.releaseConnection();
            log.error("Failed getting user profile", e);
        }

I will assume that the quotes around Authorization in the headers array are not required in Javascript (?) syntax?

Shooting in the dark, based on the above, I'd be removing content type and putting Authorization into double quotes.

The API you've linked to does describe 403 response (at the bottom under cURL example code)

You are authenticated but have no permission to manage the target user.

It also lists the responses that should come in JSON body – is this where you are getting your "OAuth 2.0 is not enabled for method: GET" or does that come as a non-JSON response? If it's non-JSON I would think your Bearer token hasn't been passed correctly. If it's JSON – I have a feeling this means you as an org admin can't manage this account (but the user themselves would).

In the end, this might be better answered in https://community.developer.atlassian.com/

Thanks for your quick response Ed.  Alas, I have already tried the things you mention to no effect.  The error message isn't in Json... perhaps you're right and I haven't passed the token correctly... but it should be simple and I've tried everything I can think of.

I'll try try the developer community as well... and I think I'll take a stab at doing it in Java too.  Will let you (and anyone following this thread) know how it works out.

Thanks!