403 Forbidden received when trying to create JIRA issue using AP.Request

Hi all,

I’m trying to create a JIRA issue from confluence using the rest API with an AP.Request() call.

I have no problem attempting to create the issue using curl.

curl --request POST --url ‘https://XXX.atlassian.net/rest/api/3/issue’ --user YYY:ZZZ --header ‘Accept: application/json’ --header ‘Content-Type: application/json’ --data ‘{“fields”: {“summary”: “Issue Z created”, “issuetype”: { “id”: “10001” }, “project”: { “key”: “VP” },“description”: {“type”: “doc”,“version”: 1, “content”: [{ “type”: “paragraph”, “content”: [{“text”: “This is the description.”, “type”: “text”}]}]}}}’

Below is the AP.Request.

var jdataString = ‘{“fields”: {“summary”: “Issue Z created”, “issuetype”: { “id”: “10001” }, “project”: { “key”: “VP” },“description”: {“type”: “doc”,“version”: 1, “content”: [{ “type”: “paragraph”, “content”: [{“text”: “This is the description.”, “type”: “text”}]}]}}}’
url: ‘/rest/api/3/issue’,
type: ‘POST’,
headers : {
accept: ‘application/json’
contentType: ‘application/json’,
data: jdataString,
.then(function(data) {
.catch(e => alert(e.err));

The response returned is:

<!doctype html>HTTP Status 403 – ForbiddenH1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}

HTTP Status 403 – Forbidden

Type Status Report

Message Request not in an authorized API scope

Description The server understood the request but refuses to authorize it.

Apache Tomcat/7.0.91

I have looked at many similar issues in the community. I have tried the ‘X-Atlassian-Token’ :‘no-check’ header as well, but this doesn’t appear to help.

Since the above error message states Request not in an authorized API scope, I initially had “READ”, “WRITE”, but have since included all the scopes in my atlassian-connect.json. They are listed below.
“lifecycle”: {

    "installed": "/installed"
"scopes": [
"modules": {
    "generalPages": [

Any suggestions would be appreciated.

A confluence app cant call Jira rest api’s… you’ll need to create a Jira app and then have a way of “connecting” the install of the confluence app and the Jira app. At that point you can have your confluence app call your confluence backend end and have it retrieve the credentials for the Jira app and create the Jira issue.

Another option is to do 3LO from within the confluence app. You’ll have another set off issues - but you could do a lot more on the client side of things.

1 Like

Thanks for your response @danielwester. I’ll look into these options.

One more question though @danielwester, would User impersonation for Connect apps be an option here?

You’ll have the same issue. A Confluence app can only call Confluence rest apis.

You CAN call Jira from a Confluence page with Javascript in an {HTML macro. You need to call it through the applink proxy though, which you can get from an https://<your confluence URL/jiraanywhere/latest/servers call. You then append the Jira appid and the REST API call. This gets around the CORS issue.

For example:
GET https:///plugins/servlet/applinks/proxy?appId=&path=https://track.td.com/rest/api/latest/

At least I have that working for GETs. I’m getting a 403 on POSTs, but just started down that road this morning.