It might but you should not depend upon that data inside the token. The policy of Atlassian regarding tokens is they should be considered opaque:
I’m not sure I understand. Can you explain your index.js in Forge terms? In other words, where is the JavaScript function that makes the HTTP request referenced in the Forge manifest?