Accessing Forge storage from a remote via REST API

prakashp · April 24, 2025, 11:48am

Hi Team,

Description

I’m trying to access my Forge app’s storage (KVS) from an external service using REST API calls. According to the documentation, the Forge storage API requires OAuth bearer tokens for authentication. However, I’ve encountered challenges in generating the proper OAuth token with appropriate scopes to access this API.

What I’ve Tried

Created an OAuth 2.0 integration in the Atlassian Developer Console
Attempted to include Forge storage-related scopes for the OAuth app
Set up Postman to make API calls to: https://api.atlassian.com/forge/storage/kvs/v1/secret/get
Generated OAuth tokens from my registered OAuth 2.0 app

Error Message

When attempting to access the API with the generated token, I receive:

json

{
    "code": "INVALID_OR_MISSING_CLAIMS",
    "message": "The authorization claims are missing or incorrect"
}

Questions

Is it possible to access Forge storage API from external services (outside of the Forge environment)?
If yes, what specific OAuth scopes are required to access the Forge storage API?
Is there any additional authentication mechanism needed beyond standard OAuth 2.0 tokens?
Are there any code examples for accessing Forge storage from external services?

Environment

Forge App:myapp
Trying to access from: Postman/External service
Authentication: OAuth 2.0

Thank you for your help!

jhazelwood · April 24, 2025, 11:24pm

You can access the API from external services (associated with a Forge app). The tokens are provided to your services as part of the Forge Remote mechanism. See:

ppasler · April 25, 2025, 7:02am

@jhazelwood so theoretically, this mechanism could also be used to give another Forge app access to the storage, right?

rmassaioli · April 26, 2025, 1:08pm

Yes, the app is no longer Runs on Atlassian anymore, obviously. But yes, this is very possible and quite desirable for certain apps. Say multiple apps that all rely on one shared web service.