User & GroupsUser & Groups
Try For Free

How to use REST API with User Sync?

General Information

Please note that this is our private API, there might be breaking changes in upcoming versions. Please contact our support, if something does not work as expected anymore.

REST API

Below you will find some examples that you can use. You need to change the following:

  • change '<base-url>' with your actual base URL

  • change '<connectorID>' with your connector ID (you can find it if you click on Edit on your connector and scroll down to the field)

  • change '<directoryID>' with your directory ID (below the connector id)

You can find the connectorID in the connector settings. Go to User Sync and Edit the connector. 


Usersync main.png

From here you go to Connector Id and Directory under Advanced Settings.


Usersync edit.png


How to monitor the User Sync status via REST API?

Problem

We are looking for a REST API endpoint to monitor the User Sync status.

Solution

You can use the REST API of the User Sync app, which allows you to get the results from the last sync.

GET – status from the last sync

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/syncstatus

GET – status from a specific sync

You could add the sync ID to the REST API call to get more information about a specific sync result:

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/syncstatus/<id>

In our example, we use the ID 94.

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/syncstatus/94


  1. {
  2. "status" : "DONE",
  3. "addedCount" : 0,
  4. "resultCount" : 2,
  5. "notModifiedCount" : 2,
  6. "failedCount" : 0,
  7. "updatedCount" : 0,
  8. "deletedCount" : 0,
  9. "filteredCount" : 0,
  10. "messages" : [ "Scheduled with jobid 388382e4-46cb-408f-bd12-ee71545653b0", "Skipping admin or sysadmin <admin>", "User <test> has no lastAuthenticated timestamp and cleanup users without timestamp is disabled. Therefore the user will not be cleaned up." ],
  11. "clusterNode" : "NOT_CLUSTERED",
  12. "connectorUID" : "7df9fd3f-793f-4595-b415-b839b76b0018",
  13. "lastModified" : "2022-10-05T08:17:44Z",
  14. "created" : "2022-10-05T08:17:44Z",
  15. "duration" : 0,
  16. "id" : 94,
  17. "resultMessage" : null,
  18. "resultFilePath" : null,
  19. "syncUserResults" : null,
  20. "connectorSupportInformation" : null,
  21. "syncStatusResult" : "SUCCESS",
  22. "_self" : "/syncstatus/94"
  23. }

GET – results from a sync

If you add /results you will get the sync results. The REST API call will only give the first 10 users by default.

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/syncstatus/94/results

To get all users, please use the following REST API call (this would output the same results as for ALL USERS via the UI):

  1. curl -u username:password -X GET <https://<base-url>/rest/samlsso-admin/1.0/usersync/syncstatus/<id>/results?count=-1

More useful REST API examples

You can get some more information from your User Sync via REST API.

RUN_LOCALLY

We added the possibility to schedule a sync as RUN_LOCALLY instead of RUN_ONCE_PER_CLUSTER. To trigger a sync like this, use the following cURL command:

  1. curl -d "" -A "curl" -H "X-Atlassian-Token:nocheck" --user admin:<pw> http://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/sync?local=true

GET – show all connectors

Get all configured connectors (and the connector settings). This will also include the uniqueId which is the Connector ID.

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/

GET - connector ID

We have to use a JSON parser to extract the information. You can use, as an example, jq to do that (jq is a lightweight and command-line JSON processor).

  1. curl -u user:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/ | jq '.[].uniqueId'

If you want to get rid of the double quotes, pass -r (--raw) to jq:

  1. curl -u user:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/ | jq -r '.[].uniqueId'

GET - show a connector

  1. curl -u username:password -X GET https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>

POST

The way the command works has changed for SAML version 5.x / User Sync 2.x. The data is now sent as a JSON.

POST - initiate a Sync (User Sync 2.x)

  1. curl -X POST "https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/sync" \
  2. -H 'Content-Type: application/json; charset=utf-8' \
  3. -u ‘username:password’

POST - initiate a Single User Update (User Sync 2.x)

  1. curl -X POST "https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/syncsingle" \
  2. -H 'Content-Type: application/json; charset=utf-8' \
  3. -u ‘username:password’ \
  4. -d $'{"identifier": "<user-indentifier>"}'

POST - initiate a Single User Update with the Option Sync With Username As Primary Attribute (User Sync 2.x)

  1. curl -X POST "https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/syncsingle" \
  2. -H 'Content-Type: application/json; charset=utf-8' \
  3. -u 'username:password' \
  4. -d '{"identifier": "<user-indentifier>", "overridePrimaryAttributeWithUsername": true}'

POST - initiate a sync (User Sync 1.9)

  1. curl -u username:password -X POST https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/sync

POST - initiate a Single User Update (User Sync 1.9)

  1. curl -u username:password -X POST https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID>/syncsingle/<username>


DELETE - delete a directory

The REST API command will delete a User Directory in your Atlassian instance. This will also include a deletion of all users who were part of the directory! There will be no warning! Use with care.


  1. curl -u username:password -X DELETE https://<base-url>/rest/samlsso-admin/1.0/directory/<directoryID>

Creation

There is a way to create your deleted directory. Please note you can not start a new Sync from your User Sync Connector, this will fail with the following message:

  1. Scheduled with jobid d8dc7879-1b15-4dcd-98b6-64eb5c30e2f1
  2. Directory <directoryID> does not exists

  1. Choose the Connector Name from which you want to create a new directory. You have to click 'Edit' and 'Save' your connector settings (User Sync → Edit Connector → Save). This will create a User Directory (directory ID) again.

  2. Now you can start a 'Sync' again and the user directory will be filled with user data

PATCH - update connector configuration

A connector's configuration can be updated using HTTP patch.

This can be done either using JSON Merge Patch (RFC 7686) or JSON Patch (RFC 6902).

JSON  Patch

To update specific values, send a JSON patch (see https://jsonpatch.com/) as HTTP Patch with content-type application/json-patch+json

  1. [{
  2. "op": "replace",
  3. "path": "/name",
  4. "value": "Changed name"
  5. }]


  1. curl -u username:password -X PATCH https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID> -d @patched_json.json --header "Content-Type: application/json-patch+json"


JSON Merge Patch

JSON Merge patch allows to just specify the JSON-fragment that should be changed (see https://datatracker.ietf.org/doc/html/rfc7386). To use this syntax, send the JSON as HTTP Patch with content-type application/merge-patch+json.

  1. {
  2. "name" : "Changed Name"
  3. }


  1. curl -u username:password -X PATCH https://<base-url>/rest/samlsso-admin/1.0/usersync/connector/<connectorID> -d @patched_json.json --header "Content-Type: application/merge-patch+json"




This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other