Calling non Oauth2 API's from a Forge app

Routes like #api-rest-api-3-projectvalidate-validprojectname-get don’t Support Oauth2 (3LO) and refer to https://developer.atlassian.com/cloud/jira/platform/rest/v3/#authentication for alternate Authentication methods. However the only Option that appears to fit this usecase is BasicAuth, which is less secure.

So is it possible to call a route like ValidateProjectName from an Forge app, and if yes what is the appropriate Authentication Method ?

Hi @JakobRenner, you can call this endpoint from Forge using basic auth following the instructions in this doc: https://developer.atlassian.com/platform/forge/apis-reference/fetch-api-product.requestjira/#unauthenticated-example. Basic auth should provide sufficient security for this endpoint as it doesn’t require any permissions.

2 Likes

Hi @JakobRenner and welcome to the Developer Community.

Forge provides Product Fetch APIs that allow you to make API requests for Jira. Scopes are then used to determine the permissions your app needs. See requstJira to learn more.

If this has answered your question, please don’t hesitate to mark it as the solution. If not, please let me know where I can assist.

Cheers!
Mel

Thanks for the quick response.
While it seems some what odd and inconvenient to require the use of a less secure Authentication method for some routes, using BasicAuth with a User with no special permissions dose work for my Use Case.