requestJira response status Forbidden - Forge Custom UI bridge


I have been using the requestJira bridge method trying to retrieve information about issues.

All requests I have been making have returned the status 403 (Forbidden).

import { requestJira } from '@forge/bridge';

const response = await requestJira( `/rest/api/3/issue/` + key);

response.status is 403.

I have also tried to use the requestJira method to retrieve other information and have received the same response status.

const test = await requestJira( `/rest/api/3/myself`);
const response = await requestJira(`/rest/api/3/search?expand=changelog&maxResults=100&startAt=` + i.toString() + `&jql=` + jql);

These are the permissions in the manifest.yml file.

    - read:issue-details:jira
    - read:issue-security-level:jira
    - read:issue.changelog:jira
    - read:user:jira
    - read:status:jira
    - read:audit-log:jira
    - read:avatar:jira
    - read:field-configuration:jira
    - read:issue-meta:jira
    - read:issue:jira

Any help with this issue would be greatly appreciated.

Welcome to the Atlassian Developer Community, @EvanLlolyd1!

Using the scopes you mentioned, I was able to hit the status 403 for /rest/api/3/myself. Upon further checking, you were missing 2 granular scopes - read:application-role:jira and read:group:jira - hence, the error. Once these 2 were added, the Get current user API returned a 200. Do note that when the manifest file is edited by adding a scope, you need to call forge install --upgrade to update the current installation to reflect the new scopes.

This could also be the case for your Get issue API wherein there are missing scopes (I have not tried it though). You can also use the classic scopes so that they will be less verbose.

Hope this helps.


I used the JQL editor app sample as my base code when replicating this. Feel free to use it as a reference if it will make it easier for you.