Jira Forge: Get 403 when requesting board configuration using requestJira in client

I’m building a Jira App with Forge where I retrieve board data from the Jira Cloud Rest API. Data retrieval is done in a client-side script using requestJira from @forge/bridge. I’m able to successfully retrieve a list of all boards using the route /rest/agile/1.0/board but when I try to retrieve the configuration of a selected board using the route '/rest/agile/1.0/board/' + boardId + '/configuration' e.g. /rest/agile/1.0/board/4/configuration, this leads to the error response 403 “Forbidden”.

In manifest.yml I have defined permissions as follows:

    - read:jira-work

One should think that this should be enough for retrieving board configurations, particularly since the retrieval of the board list was successful.

The route /rest/agile/1.0/board/4/configuration works fine when pasted into a browser’s address field after the URL of my dev instance.

What might be going wrong here? Thanks for any advice!


Hi @Fredrikstrm,

Your app will require the read:board-scope.admin:jira-software and read:project:jira scopes, as per https://developer.atlassian.com/cloud/jira/software/rest/api-group-board/#api-rest-agile-1-0-board-boardid-configuration-get

Apologies for the confusion — most of Jira’s APIs for retrieving issue-related data are indeed guarded by read:jira-work. However several Jira Software-specific APIs, such as board-related APIs, have more fine-grained scopes applied to them. If you’re seeing 403s returned from the API it’s best to double-check the REST API documentation to make sure the correct scopes are applied.


1 Like

Thanks @tpettersen, adding those scopes did it. Somehow I had missed that part of the documentation.

1 Like