Invoking Forge storage api using api token and basic auth

Hi All ,

Is it possible to invoke storage api of forge framework from a non-forge backend application using Jira api token and basic auth ?



No. It’s not possible. The capability (but with a different auth model) was recently discussed here:


@MukeshkumarJain You can upvote this feature request in the Forge issue tracker: Issue navigator - Ecosystem Jira


Thanks for sharing that issue. And I encourage watch, vote, and comment. As written, I don’t think there is enough for the appropriate Product Manager (PM) to understand the problem you are trying to solve and why his proposed solution (in the RFC) would not work. Currently, the PM has articulated some self-imposed constraints to help establish a stronger security posture for Forge, which were subsequently elaborated by one of the engineers as these 3 constraints:

That being said we also need to achieve the following Security Controls:

  1. Time limited access credentials
  2. Tenant Isolated access credentials
  3. Policy enforcement checks at point of credential refresh

At this time, API Tokens would not meet those constraints. Hence, a deeper articulation of the problem you are trying to solve on the issue would be necessary to negotiate a compromise.

Further conversation on this thread won’t help us toward that goal. So for @MukeshkumarJain and anyone else looking for API Tokens for Forge Storage should please take the concerns to the open issue FRGE-1308. I’m locking this thread in favor of moving conversation there.

1 Like