@forge/api response vs Postman rest api

Hello folks !
Bumped into a specific case that I don’t really understand

Downloaded Postman Collection : https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-issueidorkey-get

As described and I’ve also tested it, for attachments for example , the response has the following structure (shortened)

 "content": "https://your-domain.atlassian.net/jira/rest/api/3/attachment/content/10000",
 "thumbnail": "https://your-domain.atlassian.net/jira/rest/api/3/attachment/thumbnail/10000"

Attachments contains the domain your-domain.atlassian.net, while using the same api with @forge/api

    const apiResponse = await api

the response for content and thumbnail attributes looks different

    content: 'https://api.atlassian.com/ex/jira/33f9a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/content/10000',
    thumbnail: 'https://api.atlassian.com/ex/jira/33f9a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/thumbnail/10000'

Instead of your-domain.atlassian.net, data is api.atlassian.com/ex/jira

Why this is the case ? Since with Postman apiToken is used, with @forge/api I believe the same apiToken is being used for Authorization :thinking:

Opening the response from Postman in browser for content attribute, downloads the content directly, but with forge api it does not :frowning:

Thanks for any explanation!

No. Assuming you are using Postman with an API Token. The Forge authorization mechanisms are built our OAuth 2.0 implementation. One thing you’ll notice is how much of that Forge abstracts away so you don’t have to worry about it. In the step on constructing the request URL, you’ll see that OAuth 2.0 all works on api.atlassian.com. In Forge, all that URL construction is handled by the route macro.

The API is returning URLs based on where it is being called from. In this case (and mostly opaque to you), it actually is api.atlassian.com.


@ibuchanan , thanks a lot for explanation !
Yeah, the abstraction and encapsulation done by forge it is noticeable! like it !

However, how a response can be rendered un Custom UI ? I do understand that it hides the domain, which is nice, but Custom UI is not able to render that response for example :


While this works perfect in the browser when instead of api.atlassian.com the actual domain is being used :thinking:

How would we render the attachments in Custom UI ?
I would expect since this resource it is viewable in browser, should render the same in Custom UI right ?
For example :

<img src="https://api.atlassian.com/ex/jira/3289a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/thumbnail/10010" />

Why this won’t render in a Custom UI ?

Getting 403 (Forbidden)

Or maybe some other headers, authorization stuff is needed to be passed to be able to render attachments and thumbnails ?

Thanks for your input on this :slight_smile: