Hello folks !
Bumped into a specific case that I don’t really understand
Downloaded Postman Collection : https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-issueidorkey-get
As described and I’ve also tested it, for attachments for example , the response has the following structure (shortened)
"content": "https://your-domain.atlassian.net/jira/rest/api/3/attachment/content/10000",
"thumbnail": "https://your-domain.atlassian.net/jira/rest/api/3/attachment/thumbnail/10000"
Attachments contains the domain your-domain.atlassian.net, while using the same api with @forge/api
const apiResponse = await api
.asUser()
.requestJira(route`/rest/api/3/issue/${key}`);
the response for content and thumbnail attributes looks different
content: 'https://api.atlassian.com/ex/jira/33f9a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/content/10000',
thumbnail: 'https://api.atlassian.com/ex/jira/33f9a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/thumbnail/10000'
Instead of your-domain.atlassian.net, data is api.atlassian.com/ex/jira
Why this is the case ? Since with Postman apiToken is used, with @forge/api I believe the same apiToken is being used for Authorization 
Opening the response from Postman in browser for content attribute, downloads the content directly, but with forge api it does not 
Thanks for any explanation!
No. Assuming you are using Postman with an API Token. The Forge authorization mechanisms are built our OAuth 2.0 implementation. One thing you’ll notice is how much of that Forge abstracts away so you don’t have to worry about it. In the step on constructing the request URL, you’ll see that OAuth 2.0 all works on api.atlassian.com. In Forge, all that URL construction is handled by the route macro.
The API is returning URLs based on where it is being called from. In this case (and mostly opaque to you), it actually is api.atlassian.com.
2 Likes
@ibuchanan , thanks a lot for explanation !
Yeah, the abstraction and encapsulation done by forge it is noticeable! like it !
However, how a response can be rendered un Custom UI ? I do understand that it hides the domain, which is nice, but Custom UI is not able to render that response for example :
https://api.atlassian.com/ex/jira/3289a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/thumbnail/10010
While this works perfect in the browser when instead of api.atlassian.com the actual domain is being used
How would we render the attachments in Custom UI ?
I would expect since this resource it is viewable in browser, should render the same in Custom UI right ?
For example :
<img src="https://api.atlassian.com/ex/jira/3289a117-8ac8-467f-8d33-b34ebafe9d78/rest/api/3/attachment/thumbnail/10010" />
Why this won’t render in a Custom UI ?
Getting 403 (Forbidden)
Or maybe some other headers, authorization stuff is needed to be passed to be able to render attachments and thumbnails ?
Thanks for your input on this 