Specifying Forge remotewildcard endpoints

Hi all, hope this use case for Forge Custom-UI can be resolved to allow data residency for our app. (Context, we only store data into Forge Storage, and we use the fetch API only to make Confluence REST API calls.

Why not use the existing asApp/asUser invoke context?
Currently, asApp/asUser has limitations on certain rest api endpoints, so we had to store user API tokens in Forge storage (as Secrets), to allow fetch calls acting as the API token user.

Problem with using forge invoke to achieve realm pinning eligibility
Previously, we exposed a backend with the wildcard “*.atlassian.net” to allow our custom ui resolver to make the ‘external’ calls to the users site, being site dependent on where the app was installed.

(Scopes omitted from manifest examples)

permissions:
  external:
    fetch:
      backend:
        - "*.atlassian.net"

The suggestion is to use forge-remotes for the backend in the manifest to allow the app to be marked as eligible for realm pinning (due to not storing data elsewhere except in forge storage API).

permissions:
  external:
    fetch:
      backend:
        - remote: remote-backend
remotes:
  - key: remote-backend
    baseUrl: "*.atlassian.net"
    operations:
      - fetch

When attempting to make invokeRemote calls, the app returns 401 errors with the following:

Error: There was an error invoking the function - Invalid URL: *.atlassian.net

Any pointers on how to enable forge-remote using fetch purely on internal atlassian rest APIs for the site the app is installed on?

For anyone still having a similar problem, https://developer.atlassian.com/platform/forge/apis-reference/fetch-api-product.requestconfluence/#unauthenticated-example allows calls internal to the route without the need to expose external fetch backend

1 Like