Getting 403 Forbidden Error in my Forge App

I am developing a Forge UI Kit app. I created a custom field in the manifest:

jira:customField:
  - key: my-field
    name: My Field
    description: Desc of My Field
    type: number
    searcher: exact
    readonly: true

I made the field readonly because I only want the app to update this field. Here is the code I use to update it:

import { requestJira } from '@forge/bridge';

...
// issueId = The jira issue id
// fieldId = 'customfield_12345'
// value = a number (e.g. 5)

console.debug(`Updating custom field value for issue: ${issueId}, field: ${fieldId}, value: ${value}`);

var bodyData = `{
      "updates": [
        {
          "issueIds": [
            ${issueId}
          ],
          "value": ${value}
        }
      ]
    }`;

const response = await requestJira(`/rest/api/3/app/field/${fieldId}/value`, {
    method: 'PUT',
    headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },
    body: bodyData
});

I can see the response in my browser network tab is:

{
    "errorMessages": [
        "Only apps can access this resource (impersonated requests are not allowed)."
    ],
    "errors": {}
}

Hi @KeithHamburg

You can try to make the call with asApp():

import api, { route } from '@forge/api';

const result = await api.asApp().requestJira(route`/rest/api/3/app/field/${fieldId}/value`, etc…

Correct me if I’m wrong, but I think you can only use that from resolver (back-end) code? I’m using the bridge version in my front end UI Kit code and it doesn’t have asApp() as an option.

However, it is part of my UI Kit app code, so I’m not sure why I would get this message: “Only apps can access this resource (impersonated requests are not allowed).”

Yeah that’s correct - asApp() and asUser() only work for the requestJira() commands run through the Resolver / back end using @forge/api. See forge/api requestJira docs

When you use requestJira() from @forge/bridge in a Forge Custom UI app or UI Kit app, the API call is made on behalf of the user who is currently interacting with the app (the user initiating the request), not as the app itself. See forge/bridge requestJira docs

So, to make a change to the resource your request will need to go via the backend / resolver.

I hope this explains why this is happening.

Cheers!
Mel

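The route the last answer describes, as an added example that is not code from the thread: the front end hands `issueId` and `value` to a backend resolver, which validates them and makes the PUT with `asApp()`. The resolver key `updateMyField`, the helper names and the `makeFakeForge` stand-ins for `@forge/api` are assumptions made here so the block runs offline.

```javascript
// Added example, not code from the thread. In a real Forge backend the wiring is:
//   import api, { route } from '@forge/api';
//   import Resolver from '@forge/resolver';
//   const resolver = new Resolver();
//   resolver.define('updateMyField', makeUpdateHandler(api, route));
//   export const handler = resolver.getDefinitions();
// and the UI Kit front end calls it through @forge/bridge:
//   await invoke('updateMyField', { issueId, value });

// Fixed on the backend: the call below is made as the app, not as the user,
// so the browser must not be able to choose which field gets written.
const FIELD_ID = 'customfield_12345'; // field id used in the question

// The payload comes from the browser, so validate it before using app credentials.
function buildUpdateBody(payload) {
  const { issueId, value } = payload ?? {};
  if (!/^[1-9]\d*$/.test(String(issueId))) {
    throw new Error('issueId must be a positive integer');
  }
  if (typeof value !== 'number' || !Number.isFinite(value)) {
    throw new Error('value must be a finite number');
  }
  return JSON.stringify({ updates: [{ issueIds: [Number(issueId)], value }] });
}

// Returns the resolver function; api and route are injected (hypothetical helper).
function makeUpdateHandler(api, route) {
  return async (req) => {
    let body;
    try { body = buildUpdateBody(req.payload); } catch (e) { return { ok: false, error: e.message }; }
    const response = await api.asApp().requestJira(route`/rest/api/3/app/field/${FIELD_ID}/value`, {
      method: 'PUT',
      headers: { Accept: 'application/json', 'Content-Type': 'application/json' },
      body,
    });
    return { ok: response.ok, status: response.status };
  };
}

// Constructed stand-ins for @forge/api: they record the call and return a made-up 204.
function makeFakeForge() {
  const calls = [];
  const route = (strings, ...params) => String.raw({ raw: strings }, ...params.map(encodeURIComponent));
  const requestJira = async (path, options) => { calls.push({ path, options }); return { ok: true, status: 204 }; };
  return { api: { asApp: () => ({ requestJira }) }, route, calls };
}
```

Keeping the field id on the backend and validating the payload matters here because the resolver can be invoked by any user of the UI while the write itself runs with the app's access.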