Make Insight REST API call from Forge App as User

I would like to make a call to the new Insight REST API from a Forge App and authenticate as the currently logged in user.
The page lists only Basic Auth as a possible authentication mechanism. Is that really the only way? Are there plans to integrate Insight REST calls into Forge along the lines of requestJira (requestInsight)?

Hi Max, unfortunately it’s not on the near term roadmap. Check @JakubMierzewski’s recent post for details on what is coming soon.

To show your support please vote for the idea (FRGE-400) because it definitely unlocks some interesting use cases.

@AdamMoore,

I think @MaxGroe is referring to a JSM feature called Insight (singular), for which Forge support is not on any public roadmap.

@MaxGroe,

I happen to be working with the product manager for that feature. Can you tell me more about why you are interested in using Insight with a Forge App? And can you say more about what customer functionality your app would provide? Is your app free or sold through Marketplace? We’re looking for additional developer & customer context to make the business case for Forge support on JSM Insight.

Thank you for your help so far! Bummer that it’s not really possible so far, but I can understand that this is a low priority for you guys right now.
We actually have another use case for calling the Insight API from Forge, but here we would like to authenticate not as the user, but as the app itself. Is it possible to authenticate with a Forge App to the Insight API? And what permissions would the app have? Could you give it complete admin permissions on Insight?
@AdamMoore

@MaxGroe,

It doesn’t matter if “as user” or “as app”. Forge Apps cannot authorize to Insight.

It would still help to get additional context for feedback to the Insight product team:

There is also a feature request for enabling Insight REST API for Connect apps using JWT (as well as impersonated OAuth2) authentication [ACJIRA-2568] - Ecosystem Jira.

1 Like

We use Insight on Jira cloud service desk to store business data. That Business data is then manipulated as workflows proceed to create custom functionality like collecting multiple approvals for different effected departments.
Some of our automation would work well in a Forge app as it would give us better control over the exposure and presentation of Insight custom fields.
Currently we use an admin user and basic auth to make calls out to the Insight REST APIs from script runner.
Is this not possible from inside a Forge APP? or is it just the authentication as app or user that is not possible? I guess what I am asking is can we make REST calls out to URLs like “https://api.atlassian.com/jsm/insight/workspace/{workspaceId}/v{version}/object/{id}” from inside a Forge app? Can a forge app make rest calls to any public resource?

HI @ibuchanan
We use Insight Objects for our Business data as we migrated from Jira Server to the cloud.
Manipulating Insight object is fundamental to what we would like to do with either forge or Connect apps.
I am creating some proof of concept Forge demos at the moment and I was alarmed to see your comments that Forge apps can not access Insight REST APIs. (See my post below.) Is this in every case or is it just authenticating as App or current user? Can forge apps only call instance specific REST APIs?

@RobertW,

If you are building for yourself, where the app would not be listed in Marketplace, then you have some additional flexibility to make calls to your own Insight instance using Insight’s simple API tokens. To my knowledge, there are no solutions that will work with a Marketplace App.

As you have observed, Forge does allow arbitrary outbound HTTP requests using fetch. That means Forge has the technical ability to call Insight.

However, the problem is Insight’s REST API only accepts API tokens right now. And the Marketplace Security Policy reads:

  1. The application must not collect Atlassian user credentials.

But maybe I’m interpreting the requirements too strictly. Maybe @JakeComito could weigh in as authority? Would Marketplace approve an app that requires configuration with an API token?