Why does it give two different responses for the same API?

Kumudu_Samarakoon March 5, 2019

I am creating a Jira Cloud app using the Node.js Express framework. When I call the GET /rest/api/3/myself API on the client side, it sends the current user's details (my information), but when I call it on the server side, it sends a different response which does not contain my email address or any other information. Two different 'accountID's are returned in these two cases.

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 8, 2019

I believe this is due to the recent/upcoming changes to the Jira Cloud REST APIs documented in https://developer.atlassian.com/cloud/jira/platform/api-changes-for-user-privacy-announcement/

These are largely happening to make sure that Jira Cloud can continue to comply with GDPR regulations. 

As for why these are different, I would like to know more about your client-side vs server-side difference here. How is each of these authenticating to the REST API, for example? I suspect that when a user makes a REST API call from something like curl, Python, etc., if they have authenticated with Basic authentication or with a single user token, it's very clear to Jira that this user account logged in, and in turn it's OK to return to that user his or her own name or other personally identifiable information. It's your own info after all.

However, if I recall correctly, for user authentication of accounts in a cloud-side environment, such as a Jira Cloud plugin, these tend to use a different method of authenticating the request, such as OAuth. Also, since some plugins may have to interface with multiple individual accounts in that Cloud site, it is not always safe (or GDPR compliant) to return to the plugin the direct name of the user account being used to make the request. That is what I suspect is happening here.

I hope this helps.

Andy

Kumudu_Samarakoon March 10, 2019

Hi Andy, 

Thanks for your answer. Here is the code I used on the client side:

AP.require('request', function(request) {
  request({
    url: '/rest/api/3/myself',
    contentType: "application/json",
    success: function(response) {
      // Convert the string response to JSON
      response = JSON.parse(response);
      username = response.emailAddress;
      console.log(response);
    },
    error: function(response) {
      console.log("error");
    }
  });
});
 

This returns the correct current user. But on the server side, I used the following code:

var httpClient = addon.httpClient(req);
httpClient.get(
  {
    url: '/rest/api/3/myself',
    headers: {
      'Content-Type': 'application/json'
    }
  },
  function(err, res, body) {
    // console.log("body>>>>>>>>>>",body);
    var body = JSON.parse(body);
    userEmail = body.emailAddress;
    console.log("email", body);
  }
);

This does not return the current user's details; it returns the addon_user details for all users. How can I get the current user on the server side? Please help me.

Andy Heinzer
Atlassian Team
March 11, 2019

Looking at the code for both of these, I can't tell how authentication is being handled here for these requests. There are no apparent authentication headers, tokens, or other revealing authentication means here. I think that is the key to understanding the results of the endpoint GET /rest/api/3/myself. The description of that endpoint is

Returns details for the authenticated user.

In this case, for a Cloud add-on it sounds like the add-on is not attempting to authenticate as other users, which in turn would explain why it returns the addon user instead.

Looking towards our developer community, I found this thread: https://community.developer.atlassian.com/t/how-to-authenticate-end-user-in-connect-add-on-accessed-standalone/18422

Which would seem to suggest the use of 3LO to achieve this https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/?utm_source=%2Fcloud%2Fjira%2Fplatform%2Fthree-legged-oauth%2F&utm_medium=301
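
Added example (not code from either poster or from Atlassian): a server can learn which user a request is for from the signed JWT the host attaches to it, rather than from an email the browser reports. It assumes the Connect convention of an HS256 token signed with the app's shared secret whose `sub` claim carries the acting user's account ID; the helper names and sample values are constructed.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed helper: signs a token the way the host product would (HS256).
function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the claims only after the algorithm, signature and expiry check out.
// Connect also binds the token to the request with a `qsh` claim; that check
// is outside this example.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // Pin the algorithm: never let the token choose how it is verified.
  if (header.alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// The current user is whatever the verified `sub` says, nothing else.
function currentAccountId(token, secret, nowSec) {
  const claims = verifyJwt(token, secret, nowSec);
  if (!claims.sub) throw new Error('no user in context');
  return claims.sub;
}

// Constructed sample values (not real credentials or account IDs).
const demoSecret = 'constructed-shared-secret';
const demoToken = signJwt(
  { iss: 'constructed-client-key', sub: 'constructed-account-id', exp: 4102444800 },
  demoSecret
);
console.log(currentAccountId(demoToken, demoSecret)); // constructed-account-id
```

A token whose payload is edited after signing, or one without a `sub` claim, is rejected instead of silently resolving to some other identity.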
