Clarification Needed on Authentication for Forge Remote App (NOAUTH Error)

Hi everyone,

I’m working on a Forge app that uses a remote resolver (Custom UI → Remote backend via invokeRemote) and I’m trying to test my external endpoint directly using curl during development. My backend is exposed via ngrok.

Here’s the request I’m making:

curl --request GET "https://<ngrok-subdomain>.ngrok-free.app/frc-external?installationId=ari%3Acloud%3Aecosystem%3A%3Ainstallation%2Ff2e38adf-13ee-4aec-bd8d-10a8afa2d801" \
  --user "app:DFk28gN0I7ZLdZGLybD1E2h8+cDbFhdSEw3kAEmI1Jc=" \
  --header "Accept: application/json"

But I keep getting this response:

{
  "success": false,
  "error": {
    "errorMessage": "NOAUTH Authentication required.",
    "errorType": "Bad Invocation"
  }
}

🔍 Context:

  • The endpoint is defined in manifest.yml under remotes.
  • I’m trying to test the frc-external path which is supposed to accept external HTTP calls (e.g., from IFTTT or other webhooks).
  • The installationId is correctly passed.
  • The app secret is the one shown on the developer console.
  • My Forge app works fine otherwise and the remote functions are invoked successfully from invokeRemote.

❓ My questions:

  1. Is --user "app:<APP_SECRET>" the correct way to authenticate for testing frc-external?
  2. Is this endpoint expecting a Forge Invocation Token (FIT) instead? If yes, how can I generate and pass it?
  3. What’s the correct way to test these endpoints manually via curl or Postman?

Any help or examples would be super appreciated! 🙏
Let me know if I missed anything in config or usage.

Thanks,
Rohith