The User management REST API REST API

Users

Get user management permissions

GET /users/{account_id}/manage

Returns the set of permissions you have for managing the specified Atlassian account

Request

Path parameters

account_id Required

string

The user account to manage

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Query parameters

privileges

Array<string>

Valid values: profile, profile.write, profile.read, email.set, lifecycle.enablement, apiToken.read, apiToken.delete

Example

cURL

Node.js

Java

Python

PHP

curl --request GET \
  --url 'https://api.atlassian.com/users/{account_id}/manage' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: application/json'

Responses

200

401

403

404

You have permission to manage at least some aspect of the specified user account. Restrictions around the privileges specified are returned.

profile: DEPRECATED, replace by profile.write
profile.read: have permission to read the profile data of the user account (at GET ./profile)
profile.write: refers to the object mutability of the user's profile (at PATCH ./profile)
email.set: have permission to set the user's email address (at PUT ./email)
lifecycle.enablement: have permission to activate and deactivate the user's account (at POST ./lifecycle/enable AND ./lifecycle/disable)
apiToken.read: have permission to list the user's API tokens (at GET ./api-tokens)
apiToken.delete: have permission to delete API tokens from the account (at DELETE ./api-tokens/{tokenId})

Content type	Value
application/json	object

Get profile

GET /users/{account_id}/manage/profile

Returns information about a single Atlassian account by ID

Request

Path parameters

account_id Required

string

The ID of the user

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Example

cURL

Node.js

Java

Python

PHP

curl --request GET \
  --url 'https://api.atlassian.com/users/{account_id}/manage/profile' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: application/json'

Responses

200

401

403

404

You have permission to manage the user. The profile data is returned.

Content type	Value
application/json	object

Update profile

PATCH /users/{account_id}/manage/profile

Updates fields in a user account. The profile.write privilege details which fields you can change.

Request

Path parameters

account_id Required

string

The ID of the user to update

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Body parameters

Content type	Value
application/json	allOf [User, object]

Example

cURL

Node.js

Java

Python

PHP

curl --request PATCH \
  --url 'https://api.atlassian.com/users/{account_id}/manage/profile' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "Lila User",
  "nickname": "marshmallow",
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "extended_profile": {
    "job_title": "Lead Investigator",
    "organization": "Amalgamated Investigations",
    "department": "Investigations",
    "location": "Lompoc, CA"
  }
}'

Responses

200

400

401

403

404

You have permission to manage the user. The profile is updated.

Content type	Value
application/json	object

Set email

PUT /users/{account_id}/manage/email

Sets the specified user's email address. Before using this endpoint, you must verify the target domain as the new email address will be considered verified. The permission to make use of this resource is exposed by the email.set privilege. This call invalidates all active sessions.

Request

Path parameters

account_id Required

string

The ID of the user

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Body parameters

email Required

string

The email address of the user.

Constraints

partMaxLength: The maximum length of the user part and of any subdomain is 255 characters.
validCharacters: Control and null characters are not allowed

Example

cURL

Node.js

Java

Python

PHP

curl --request PUT \
  --url 'https://api.atlassian.com/users/{account_id}/manage/email' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "email": "vmars@marsinvestigations.com"
}'

Responses

204

400

401

403

404

Everything went fine, nothing to return.

Get API tokens

GET /users/{accountId}/manage/api-tokens

Gets the API tokens owned by the specified user.

Request

Path parameters

account_id Required

string

The ID of the user

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Example

cURL

Node.js

Java

Python

PHP

curl --request GET \
  --url 'https://api.atlassian.com/users/{accountId}/manage/api-tokens' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Accept: application/json'

Responses

200

400

401

403

404

Success

Content type	Value
application/json	Array<anything>

Delete API token

DELETE /users/{accountId}/manage/api-tokens/{tokenId}

Deletes a specifid API token by ID.

Request

Path parameters

account_id Required

string

The ID of the user

Pattern:

[a-zA-Z0-9_|:-]{1,128}

tokenId Required

string

The ID of the API token

Example

cURL

Node.js

Java

Python

PHP

1
2
3

curl --request DELETE \
  --url 'https://api.atlassian.com/users/{accountId}/manage/api-tokens/{tokenId}' \
  --header 'Authorization: Bearer <access_token>'

Responses

204

400

401

403

404

The API token was deleted

Deactivate a user

POST /users/{account_id}/manage/lifecycle/disable

Deactivate the specified user account. The permission to make use of this resource is exposed by the lifecycle.enablement privilege. You can optionally set a message associated with the block that will be shown to the user on attempted authentication. If none is supplied, a default message will be used.

Request

Path parameters

account_id Required

string

The ID of the user

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Body parameters

message

string

Example

cURL

Node.js

Java

Python

PHP

curl --request POST \
  --url 'https://api.atlassian.com/users/{account_id}/manage/lifecycle/disable' \
  --header 'Authorization: Bearer <access_token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "message": "On 6-month suspension"
}'

Responses

204

401

403

404

Everything went fine, nothing to return.

Activate a user

POST /users/{account_id}/manage/lifecycle/enable

Activates the specified user account. The permission to make use of this resource is exposed by the lifecycle.enablement privilege. You can optionally set a message associated with the block that will be shown to the user on attempted authentication. If none is supplied, a default message will be used.

Request

Path parameters

account_id Required

string

The unique identifier of the user to activate.

Pattern:

[a-zA-Z0-9_|:-]{1,128}

Example

cURL

Node.js

Java

Python

PHP

1
2
3

curl --request POST \
  --url 'https://api.atlassian.com/users/{account_id}/manage/lifecycle/enable' \
  --header 'Authorization: Bearer <access_token>'

Responses

204

401

403

404

Everything went fine, nothing to return.