I’m building a Forge app (jira:issuePanel + jira:customField) that needs to query the Atlas/Townsquare projects GraphQL API from a resolver. Same-instance install (sandbox Jira → sandbox Atlas).
Call:
const response = await api.asApp().requestJira(route/gateway/api/graphql, {
method: ‘POST’,
headers: { ‘Content-Type’: ‘application/json’ },
body: JSON.stringify({
query: query ProjectsSearch($containerId: String!, $searchString: String!) { projects_search(containerId: $containerId, searchString: $searchString) { edges { node { id name } } } } ,
variables: {
containerId: “ari:cloud:townsquare::workspace/”,
searchString: “”,
},
}),
});
Response: 401 {“code”:401,“message”:“Unauthorized; scope does not match”}
Current manifest scopes:
permissions:
scopes:
- read:jira-work
- read:jira-user
- storage:app
What I’ve tried:
- read:project:projects — rejected by forge lint as invalid
- read:project-status:projects — rejected
- read:project-update:projects — rejected
- read:goal:projects — rejected
- Basic auth with a user API token (same-instance gateway URL) — also 401
- api.asUser() — NEEDS_AUTHENTICATION_ERR
The forge lint validator clearly knows there’s a real namespace; I just can’t find the right strings. The Forge permissions reference page (developer.atlassian.com/platform/forge/manifest-reference/permissions/) lists scopes for
Jira/Confluence/Bitbucket/Compass/JSM but nothing for Atlas/Townsquare/Projects.
Question: What are the exact Forge permissions.scopes strings needed to call projects_search and projects_byId from a Forge resolver? Is there a published scopes reference for Atlas/Projects that I’m missing?
Thanks.