[SOLVED] How do I get all teams a user has already joined?

Native Android:
I am using the following GET
@GET("/api/v3/teams/all_team_listings") Promise<Object> getJoinedTeam(@Header("user") User user);

But I am getting this error:
{"status_code":401, "message":"Invalid or expired session, please login again.", "id":"api.context.session_expired.app_error", "is_oauth":false, "detailed_error":"token=: cr-PoVvgO7I:APA91bFbekp7fIqZETF2-_rxiD_FwUYlIN9soS7U8cEALSKZwC8U2oXsSnMlyumL5qsglXW84Y8MwE5_UB1eJ8mjTsDiVdHLiSX0n9u8ad5LbHzjzs7B6RF2j0YQeeIsTK80D7kY41PO", "request_id":"sfpb8dg6u3n7tp6zsfkx3q4x3e"}

The user has just logged in with the login api and all their credentials are saved. I don’t understand because this is a GET request but it also says ApiUserRequired so I put the user in the header. I tried not having a header at all but then I get error: "Appears to be a CSRF attempt"

Any help would be appreciated.


You can use a GET to /api/v3/teams/all

don’t forget to put the token in the header like this Authorization: Bearer Token

This request will return you a json like this :

	"team_id": {
		"id": "team_id",
		"create_at": 1465376566524,
		"update_at": 1465376566524,
		"delete_at": 0,
		"display_name": "Test",
		"name": "test",
		"email": "",
		"type": "O",
		"company_name": "",
		"allowed_domains": "",
		"invite_id": "",
		"allow_open_invite": false
        "team_id2": {
		"id": "team_id2",
		"create_at": 1465376566524,
		"update_at": 1465376566524,
		"delete_at": 0,
		"display_name": "Test2",
		"name": "test2",
		"email": "",
		"type": "O",
		"company_name": "",
		"allowed_domains": "",
		"invite_id": "",
		"allow_open_invite": false

Hello, thank you for responding, I was under the impression that /all gets a list of all teams ever created, even ones the user has not joined, correct me if I am wrong. I only want the teams that that specific user has joined.

From what I see, I think /all return only the teams that user has joined

Ok, then what is /all_team_listings supposed to do?

By the way, when I use /all I receive back 4 teams when the user only has access to 2.

I don’t know the uses to /all_team_listings but when the user have acces to 6 teams, /all_team_listings only return one and /all return six teams

Can you try when the user only has access to 1 team when there are 6 teams possible?

But anyway, my main question is how are you doing the /all_team_listings call?

If the user has only acces to one team, /allshow the 6 teams :s

I do a get to /api/v3/teams/all_team_listings with in the header the token like this Authorization: Bearer Token

I’ve been trying like this and I am getting the error I originally mentioned.

       Promise<Object> getMyJoinedTeamsWHeader(@Header("Authorization: Bearer Token") String deviceID, @Header("user") User user);

I have also tried Authorization: Bearer and just Authorization: and other variations but the same error always appears.

Hi @Julia and @xgerber,

Sorry, the APIs are a bit confusing since they were only designed with our web app in mind so they kind of grew organically. The call that you want is /api/v3/users/initial_load. It returns all the data that our web client absolutely needs to render including the current user, their teams, some user settings, and configuration data.

And regarding your authentication error, you should be setting the “Authorization: Bearer Token” to header to the value of the “Token” header received when first logging in. That should let you access all the APIs.

1 Like

I see, I’ll try using /initial_load then, out of curiostiy, what are the other two supposed to do? Also, is the token set server side using the /login line or should I be doing something client side to store it?

Calling /initial_load returns a Promise<InitialLoad> object which is just a wrapper for a User object. User only has fields pertaining to name, email, password, etc., there is nothing in there related to teams. Can I get some further instruction on how to access a users’ teams?

Calling /initial_load returns this Json :

    "user": {
        "id": "atmuq3rojiftxqwr7iwmqtubaw",
        "create_at": 1470910198366,
        "update_at": 1470910198722,
        "delete_at": 0,
        "username": "user1",
        "auth_data": "",
        "auth_service": "",
        "email": "user1@test.fr",
        "nickname": "",
        "first_name": "",
        "last_name": "",
        "roles": "system_admin",
        "last_activity_at": 1470910199882,
        "allow_marketing": true,
        "notify_props": {
            "all": "true",
            "channel": "true",
            "desktop": "all",
            "desktop_sound": "true",
            "email": "true",
            "first_name": "false",
            "mention_keys": "user1,@user1"
    "last_password_update": 1470910198366,
    "locale": "en",
    "team_members": [1]
    0:  {
        "team_id": "ec8jdcujzfdnzpjihpwayp4aqc"
        "user_id": "atmuq3rojiftxqwr7iwmqtubaw"
        "roles": "admin"
    "teams": [1]
    0:  {
        "id": "ec8jdcujzfdnzpjihpwayp4aqc",
        "create_at": 1470910198709,
        "update_at": 1470910198709,
        "delete_at": 0,
        "display_name": "application",
        "name": "application",
        "email": "",
        "type": "O",
        "company_name": "",
        "allowed_domains": "",
        "invite_id": "b7q5rx6iftby3rt5uk99xp7c7o",
        "allow_open_invite": true
    "direct_profiles": {},
    "preferences": [1]
    0:  {
        "user_id": "atmuq3rojiftxqwr7iwmqtubaw",
        "category": "tutorial_step",
        "name": "atmuq3rojiftxqwr7iwmqtubaw",
        "value": "0"
    "client_cfg": {
        "AboutLink": "https://about.mattermost.com/default-about/",
        "AllowCorsFrom": "",
        "BuildDate": "Fri May 27 18:08:10 UTC 2016",
        "BuildEnterpriseReady": "false",
        "BuildHash": "cb745475452a9fc8ef3a9fedf6b34af7d05adba9",
        "BuildNumber": "3.0.3",
        "EnableCommands": "false",
        "EnableDeveloper": "false",
        "EnableIncomingWebhooks": "false",
        "EnableOAuthServiceProvider": "false",
        "EnableOnlyAdminIntegrations": "true",
        "EnableOpenServer": "true",
        "EnableOutgoingWebhooks": "false",
        "EnablePostIconOverride": "false",
        "EnablePostUsernameOverride": "false",
        "EnablePublicLink": "false",
        "EnableSignInWithEmail": "true",
        "EnableSignInWithUsername": "true",
        "EnableSignUpWithEmail": "true",
        "EnableSignUpWithGitLab": "false",
        "EnableSignUpWithGoogle": "false",
        "EnableTeamCreation": "true",
        "EnableUserCreation": "true",
        "FeedbackEmail": "",
        "GoogleDeveloperKey": "",
        "HelpLink": "https://about.mattermost.com/default-help/",
        "PrivacyPolicyLink": "https://about.mattermost.com/default-privacy-policy/",
        "ProfileHeight": "128",
        "ProfileWidth": "128",
        "ReportAProblemLink": "https://about.mattermost.com/default-report-problem/",
        "RequireEmailVerification": "false",
        "RestrictDirectMessage": "any",
        "RestrictTeamNames": "true",
        "SegmentDeveloperKey": "",
        "SendEmailNotifications": "false",
        "ShowEmailAddress": "true",
        "SiteName": "Mattermost",
        "SupportEmail": "feedback@mattermost.com",
        "TermsOfServiceLink": "https://about.mattermost.com/default-terms/",
        "Version": "3.0.0",
        "WebsocketPort": "80",
        "WebsocketSecurePort": "443"
    "license_cfg": {
        "IsLicensed": "false"
    "no_accounts": false

Like you can see there is informations about teams. This time it’s only teams of the user.

I think it’s your parser no?

1 Like

/all_team_listings gives the list of open teams that any user may join without an invite. You can see it on the page that shows up when you first log in if there’s any open teams available.

/all returns a sanitized list of every team on the server.

And the object posted by xgerber looks correct. You can see all the structure the returned object here.

1 Like

Finally got it working, thanks guys!