Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Forge app cannot create JSM customers via /rest/servicedeskapi/customer

Peter Reiser
Peter Reiser
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 29, 2026

Hi everyone,

I’m building a Forge app for Jira Service Management and ran into a confusing issue around customer provisioning.

Our use case:

  • We sync users from an external system (PartnerProfile) into a JSM project
  • For each external user we want to:
    1. Check whether a Jira/JSM user already exists
    2. If not, create a JSM customer
    3. Add that customer to the service desk

We are doing this from a Forge backend resolver using api.asApp().requestJira(...).

Example create call:

import api, { route } from '@forge/api';

const res = await api.asApp().requestJira(
  route`/rest/servicedeskapi/customer`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-ExperimentalApi': 'opt-in'
    },
    body: JSON.stringify({
      email,
      displayName
    })
  }
);

Manifest scopes include:

permissions:
  scopes:
    - read:jira-work
    - read:jira-user
    - read:servicedesk-request
    - write:jira-work
    - manage:servicedesk-customer
    - manage:jira-project
    - storage:app

What works:

  • Forge app is deployed and upgraded correctly
  • api.asApp().requestJira(...) works for other Jira and JSM endpoints
  • We can read project settings, project roles, and service desk related data
  • We can fetch existing Jira users with /rest/api/3/user/search
  • We can read the Service Desk Customers project role successfully
  • External system sync works fine

What fails:

  • POST /rest/servicedeskapi/customer
  • Response is always:
{
  "errorMessage": "Insufficient permission to perform requested action, JIRA Administrators global permission is required.",
  "i18nErrorMessage": {
    "i18nKey": "sd.rest.error.permission",
    "parameters": ["JIRA Administrators global permission"]
  }
}

We also observed similar issues with:

  • POST /rest/servicedeskapi/servicedesk/{serviceDeskId}/customer

Tunnel / runtime facts:

  • The logged-in user opening the Forge UI is an org/site admin
  • However, the backend call is made with api.asApp()
  • So the request is executed as the Forge app identity, not as the logged-in human user

What confuses me:

  • There are examples around using Forge asApp() with JSM customer APIs
  • Scopes appear correct
  • X-ExperimentalApi: opt-in is set
  • But runtime still rejects the call

Questions:

  • Is POST /rest/servicedeskapi/customer actually supported for Forge apps today?
  • If yes, what exact permission/setup is required beyond manage:servicedesk-customer?
  • If no, what is the recommended Forge-compatible pattern for JSM customer provisioning?
  • Is there any supported way in Forge to:
    • Create a JSM customer
    • Then add that customer to a service desk
    • Without using an external service?

For context, we already replaced the unreliable service desk customer listing API with reading the Service Desk Customers role via /rest/api/3/project/{projectKey}/role/{roleId}, and that part works fine. The blocker is specifically customer creation / assignment.

Any clarification would be really appreciated, especially if docs/examples are outdated or if this endpoint is intentionally unavailable to Forge apps.

Thanks and best regards

Peter

Answer
Watch
Like Be the first to like this
63 views

1 answer

1 vote
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 29, 2026

Hello @Peter Reiser 

POST /rest/servicedeskapi/customer is documented for Jira Service Management Cloud, and the required Forge/OAuth scope is indeed manage:servicedesk-customer. But the same endpoint also explicitly requires Jira Administrator global permission. Those two things are separate: the scope allows the app to request the operation, but it does not remove the endpoint’s own permission check. 

That also explains why your logged-in admin user does not help here. Because you are calling api.asApp(), the request runs as the app identity, not as the human opening the UI. Forge’s own docs make that distinction pretty clearly for asApp.

So the error message actually makes sense For me. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Management
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security