What exactly should be secured by licensing checks?

According to Listing Forge apps (atlassian.com), for a licensed app “you should check the license status of your app when your functions are invoked”.

Does that apply only to invocation via the front-end elements (e.g. on accessing a custom ui admin page)?
What about webtriggers? I guess, their invocations should probably license checked?
What about resolver functions, are they secured to be accessible only from the app’s front-end, so a license check wouldn’t be necessary?

1 Like

Hi @UdoHagemannDecadisAG,

Essentially, it’s up to you what you want to put behind a license check. Of course, you want the core functionality of your product to require a valid license. But for other things, such as import/export of configuration data, it might make sense to still provide the functionality, even if the customer doesn’t have a valid license.

The forge functions are still invoked no matter whether you decide to check the license in them, or not. I.e. this is not so much a question about forge, but about how you want to design your app.

Hope this helps! :slight_smile:


1 Like

Thanks, @sven.schatter !

An short update

  • Revoke functions could be called directly quite easily, if you’re in control of the cloud environment, so probably a good idea to check licensing on them, if needed
  • No licensing information acquirable on webtriggers
1 Like

hi,How can I set forge app to charge?and Do you know how to configure forge app when adding forge app to license?

Hi, not that I’m an AMP expert, but the description in “Listing Forge apps” (see original post) did work for us so far. Cheers, Udo

hi,I have added liscense according to the “Listing Forge apps”,but an error will be reported when installing it into the production environment.This mistake is Error: Failed to license app for product jira because this app has not been configured to support this product.Have you ever had this problem?