Reponse 403 from the REST API (Missing scopes when there's not)

Hello everyone,

I’m currently running into a big problem: I can’t send request to the REST API.

In my case, I want to get the list of all organizations in my project, so I’m using

GET /rest/servicedeskapi/organization

I’m sending it with the correct headers, and my acces token, juste like in the documentation.

But I’m getting a 403 Response, saying this:

Reponse from Atlassian API: 403 {
"Access to the resource was denied due to missing scope grants. Your app was granted the following scopes: [manage/org/public-api].
The resource can be accessed by having one of these groups of scopes:

  • [read:organization:jira-service-management]
  • [manage:servicedesk-customer]

Although I have read:organization:jira-service-management & manage:servicedesk-customer in my maniseft.yml

- read:jira-work
- read:jira-user
- read:organization:jira-service-management
- manage:servicedesk-customer
I’ve also “forge install --update” correctly, and deployed multiple times already.
I really hope someone will be able to help me, this is really important for my job.
Thank you for reading this.


I can reproduce a similar behavior when requesting the URL using asApp from a Forge app like this:

const res = await api

However, the request succeeds when the request is done as the user (so using asUser instead of asApp).

Can you confirm that you are also using asApp in the app?

I’m following up internally on what might be happening here.



I can confirm that there are some issues with the Jira Service Management behaviour when using asApp while everything should be working fine with the asUser requests.

The problems will be addressed by the second week of July.

Please also note that it might be required to create a new app so that the first installation will be done with the asUser requests directly. If you still see any issues after switching to asUser, please use the forge register command to create a new app. This will create a new app in the developer console and change the app/id in the manifest.yml file.