I’m writing an app using Forge and CustomUI. I want to be able to connect to the Confluence API, but I keep getting errors.
Currently in static/hello-world/src/App.js I call the following function when a button is clicked:
const handleClick = async () => {
const response = await requestConfluence(`/wiki/rest/api/user/current`);
console.log(response);
};
which I believe should get me the currently-signed in user’s details.
In manifest.xml I have:
permissions:
scopes:
- read:page:confluence
- read:confluence-user
However, when I click the button, the request is made and I get this error:
{"code":401,"message":"Unauthorized; scope does not match"}
What am I doing wrong?
Have you reinstalled the app since adding the scopes? If not, try forge install --upgrade and then refresh the app and accept the new permissions.
You also need to use route to pass API paths into requestConfluence – I don’t think this is causing your current problem but might be the next one. 
More info and some examples here: https://developer.atlassian.com/platform/forge/runtime-reference/product-fetch-api/
1 Like
I think that is exactly the problem. From the Forge documentation on route:
You must use the route tagged template function to construct the path that’s passed to the product fetch APIs. route is a tagged template function that runs encodeURIComponent on each interpolated parameter in the template string. This provides protection against security vulnerabilities, such as path traversal and query string injection.
Even among experienced JavaScript developers, this technique seems to be unfamiliar. Understanding tagged template functions is important so that you can avoid some errors in URL construction that seem to be quite common.
1 Like