401 status code on GET `/rest/api/space/${spaceKey}/watch` and `/rest/api/search/user`

After following the Confluence hello world app tutorial, I wanted to see if I can get some other API endpoints to work, specifically the “Get space watchers” and “Search users” endpoints:
https://developer.atlassian.com/cloud/confluence/rest/api-group-content-watches/#api-wiki-rest-api-space-spacekey-watch-get
https://developer.atlassian.com/cloud/confluence/rest/api-group-search/#api-wiki-rest-api-search-user-get

I tried adding all scopes to the manifest.yml file (and deploying, installing + accepting the new scopes), but I still receive a 401. (Note: I added all scopes for debugging purposes, I wouldn’t publish an app with unnecessary scopes enabled)

After looking at the docs again I saw that there are only Connect scopes defined for those endpoints, no oAuth2.0 scopes. Does that mean that I cannot use those endpoints yet using Forge? If so, any idea when Forge support for these endpoints will be added?

Thanks!

Hi @KoenCuijpers. 401 looks more like an authentication problem to me. Could you please share your app code and manifest permissions as well?

Hi @Dmitrii, thanks for helping out. Sure, I’ll share the code of my manifest.yml and test app below.

This is my manifest.yml
(decided to add all scopes listed in the docs to verify I wasn’t missing any)

modules:
  macro:
    - key: hello-world-app-hello-world
      function: main
      title: Forge app for Koen
      description: Inserts Hello world!
  function:
    - key: main
      handler: index.run
app:
  id: ari:cloud:ecosystem::app/5a09efbb-1582-4dd0-bc56-6294976b979e
permissions:
  scopes:
    - read:confluence-content.all
    - read:confluence-content.summary
    - write:confluence-content
    - read:confluence-space.summary
    - write:confluence-space
    - write:confluence-file
    - read:confluence-props
    - write:confluence-props
    - search:confluence
    - manage:confluence-configuration

This is my app code
(basically the hello-world app in adjusted form)

import api, { route } from "@forge/api";
import ForgeUI, { render, Fragment, Text, Macro, useProductContext, useState } from '@forge/ui';

// Method to get space watchers
const fetchWatchersForSpace = async (spaceKey) => {
  const res = await api
    .asApp()
    .requestConfluence(route`/rest/api/space/${spaceKey}/watch`);

  console.log(`Status for space watchers: ${res.status}`);
  const data = await res.json();
  console.log(`Response data for space watchers: ${data.results}`);

  return data.results;
};

// The app code
const App = () => {
  const context = useProductContext();

  const [users] = useState(async () => await fetchWatchersForSpace(context.spaceKey));
  console.log(`All users: ${users}`)


  return (
    <Fragment>
      <Text>Users that are watching this space: {users}</Text>
    </Fragment>
  );
};

export const run = render(
  <Macro
    app={<App />}
  />
);

This code results in the following logs when using forge tunnel:
image

Hey @KoenCuijpers,

I work with @Dmitrii and he’s looped me in, sadly you are correct these routes aren’t yet supported by Forge through .asApp/.asUser as these methods use OAuth under the hood. Methods that work with forge will have OAuth scopes required: present in the docs (for example).

As a workaround for the user search route I have heard of people having success with using CQL through the search content API which does support OAuth.

At this stage I can’t provide an estimate of when these endpoints will be available although I would suggest checking if a request exists for them on the FRGE feedback board, or adding a request if it’s not present and is blocking your use case.

1 Like