Access external REST services via forge

ThorstenKamann · February 12, 2025, 8:40pm

Hello,

I am working on a forge macro that queries the Pipedrive API to show the result of a person filter in a Confluence page.

The Pipedrive API supports x-api-token but I haven’t the right idea how to realize this:

curl --request GET \
--url "https://companydomain.pipedrive.com/api/v1/deals" \
--header "x-api-token: ..."

I tried in a resolver via fetch but that doesn’t work because of error message that the external.images permission not set for this url. That cannot be right, because I don’t request an image.

In the Forge examples for auth there are only OAuth examples.

I hope anyone of you can supports me
Best
Thorsten

DavidPezet1 · February 12, 2025, 10:22pm

Could the data being returned include an image url, maybe for an avatar or something? If there is an image path maybe try adding the following to your manifest,

permissions:
  external:
    images:
      - https://<URL>/*

Can you post the full error?

ThorstenKamann · February 12, 2025, 10:54pm

Yes of course:

=== Running forge lint...

.../forge-examples/confluence-pipedrive-integration/src/filter-view/resolvers/index.js
14:31   error    The domain https://companydomain.pipedrive.com/api/v1/deals is not included in the "permissions.external.images" section of your app's manifest.yml file  egress-permission-required

But nothing changes if I add

permissions:
  external:
    images:
      - "https://companydomain.pipedrive.com/api/v1/deals"

DavidPezet1 · February 12, 2025, 11:20pm

Maybe try adding /* to the end?

I have an app that uses the Pipedrive Oauth and this wasn’t required, but I do have another external image source ending with /*. I also define other aspects of Pipedrive in other parts of the manifest. This could also explain why It wasn’t needed?

For example, I also have

remotes:
  - key: api-pipedrive
    baseUrl: "https://<SITENAME>.pipedrive.com"
    operations:
      - other
permissions:
  external:
    fetch:
      backend:
        - remote: api-pipedrive

ThorstenKamann · February 13, 2025, 8:39am

Played around with your hint and adding the fetch.backend stuff and voila, the error is gone away. Perhaps it was a wrong error message?

With this configuration it works:

permissions:
  external:
    fetch:
      backend:
        - 'https://*.pipedrive.com'

Now I getting a hint after execute forge eligibility:

The version of your app [4.0.0] that's deployed to [development] is not eligible for the Runs on Atlassian program.
 - App is egressing data

Do you know what this means “is not eligible for the Runs on Atlassian program”. Does this mean that I cannot upload this app to the Atlassian Marketplace?

DavidPezet1 · February 13, 2025, 6:24pm

Awesome! Glad that worked! Yeah I’m not sure if it is a bad error, or if the backend definition serves as a catch-all. Maybe someone like @dmorrow or @mpaisley might know?

Regarding the ...is not eligible for the Runs on Atlassian program... message, I think it is just a Market Place flag. You can find more information here, https://developer.atlassian.com/platform/forge/runs-on-atlassian