Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

403 Forbidden response in user management API to disable a user in Jira cloud

Joel Cook
Joel Cook March 24, 2020

I'm using the user management REST api in Jira cloud. The POST request is as follows:

https://api.atlassian.com/users/{{userid}}/manage/lifecycle/disable

(where {{userid}} is the Jira id of the user I want to disable)

I'm using Bearer Token authorization with a valid Admin token.

I'm trying to test this in Postman.

Every time I run it, I get a 403 Forbidden response. The full body of the response is:

{
    "key""forbidden",
    "context""Error: Caller must be an org admin of targeted account or be the targeted account",
    "errorKey""forbidden",
    "errorDetail""Error: Caller must be an org admin of targeted account or be the targeted account"
}

However, I am an org & site admin:

Also noteworthy: in the UI, when I generate the admin key and click "Done", the UI gives me a message "Something went wrong; try again later."

 

Answer
Watch
Like Scott Reopelle likes this
3667 views

1 answer

0 votes
Hazwan Ariffin
Hazwan Ariffin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 24, 2020

Hey Joel,

For UM rest API, you would need to get the token from https://admin.atlassian.com/o/<orgid>/admin-api.

Basically go to https://admin.atlassian.com/ > Settings > API key. Generate the token and use that token to run the call. That should work.

Let me know how it goes

View More Comments
Joel Cook
Joel Cook March 25, 2020

I actually did use that link to generate the API token. When it gets to the https://admin.atlassian.com/o/<orgid>/admin-api link, I get the UI error.

Jira Admin API Error.PNG

Like
Hazwan Ariffin
Hazwan Ariffin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2020

I was having the same issue before. I tested again this morning, and the page seems to be loading now. Have a look and try to generate a new API, and use it for your call. 

See if you're still hitting the 403 error.

Like
Joel Cook
Joel Cook March 31, 2020

Thanks for the response. The UI errors are gone now (good!) but even after generating a new key, I still get the 403-Forbidden response. I've opened a ticket with Jira support for them to look into it.

Like Jun_Matsumura likes this
Sara Davatelis
Sara Davatelis
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 27, 2020

I'm having the same issue right now. Was support able to resolve? 

Like
Joel Cook
Joel Cook April 30, 2020

Yes (I believe). The issue is that we have not "verified our domain". This is a request that will have to be handled by our system administrators, so I don't have the final status on the API working or not, but I feel very confident this is going to fix the problem.

Like
Scott Reopelle
Scott Reopelle
Contributor
June 22, 2020

I have a Token from the link above and why using the API call I get errors:     

"key": "forbidden",    

"context": "Error: Caller must be an org admin of targeted account or be the targeted account",

"errorKey": "forbidden",    

"errorDetail": "Error: Caller must be an org admin of targeted account or be the targeted account"

 

I see that no one from Atlassian has answered this problem for some time.. Looks like it was submitted in March.

Like
Harry Bob
Harry Bob
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 2, 2020

I'm having the same issue on our end. However I have verified my domain so not sure why.

 

Any suggestions?

Like
Perrine HUVETEAU
Perrine HUVETEAU
Contributor
April 22, 2021

Same issue here.
i'm using the right org token, i'm an org admin with a verified domain.
The API is working fine for other api call such as org id, or user for org.

But i'm having a "Caller must be an org admin of targeted account or be the targeted account" when trying to disable a user.

Is there something else i'm missing ? 

Like
Shahin Mohammadkhani
Shahin Mohammadkhani
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 3, 2021

I'm having the same issues. our scripts suddenly stopped working. this is causing a huge problem in our user management at the moment. and now generating new API keys dont allow me make API calls.

Like
Prakash Ganeshan
Prakash Ganeshan May 27, 2021

There is a open ticket with Atlassian, looks like unverified accounts won't be able to update using API :(

https://jira.atlassian.com/browse/ID-7677

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events