Jira Forge: Get 403 when requesting board configuration using requestJira in client

Fredrikstrm · February 13, 2023, 10:47am

I’m building a Jira App with Forge where I retrieve board data from the Jira Cloud Rest API. Data retrieval is done in a client-side script using requestJira from @forge/bridge. I’m able to successfully retrieve a list of all boards using the route /rest/agile/1.0/board but when I try to retrieve the configuration of a selected board using the route '/rest/agile/1.0/board/' + boardId + '/configuration' e.g. /rest/agile/1.0/board/4/configuration, this leads to the error response 403 “Forbidden”.

In manifest.yml I have defined permissions as follows:

permissions:
  scopes:
    - read:jira-work

One should think that this should be enough for retrieving board configurations, particularly since the retrieval of the board list was successful.

The route /rest/agile/1.0/board/4/configuration works fine when pasted into a browser’s address field after the URL of my dev instance.

What might be going wrong here? Thanks for any advice!

Fredrikstrm · February 19, 2023, 11:53am

Anyone?

tpettersen · February 20, 2023, 1:09am

Hi @Fredrikstrm,

Your app will require the read:board-scope.admin:jira-software and read:project:jira scopes, as per https://developer.atlassian.com/cloud/jira/software/rest/api-group-board/#api-rest-agile-1-0-board-boardid-configuration-get

Apologies for the confusion — most of Jira’s APIs for retrieving issue-related data are indeed guarded by read:jira-work. However several Jira Software-specific APIs, such as board-related APIs, have more fine-grained scopes applied to them. If you’re seeing 403s returned from the API it’s best to double-check the REST API documentation to make sure the correct scopes are applied.

cheers,
Tim

Fredrikstrm · February 22, 2023, 7:42pm

Thanks @tpettersen, adding those scopes did it. Somehow I had missed that part of the documentation.