Hi @Thanh Le ,
That 403 Forbidden on the /rest/api/3/attachment/content/{id} endpoint in Forge is usually due to missing scopes in your app's manifest.yml. And the direct img src like your example won't work because it lacks auth (Forge runs in a sandbox without direct browser access to protected APIs).
Can you help me check if your manifest.yml is updated with read access, and then re-deploy? -> permissions: scopes: - 'read:attachment:jira' ?
This fetches binary content as a blob (avoids JSON parse errors), converts to data URL for img. If 403 persists after scope, check app logs (forge logs) for details, you might need read:jira-work too.
IF the above direct fetch fails, try the work-around using /rest/api/3/attachment/{id} for metadata, then construct public download URL if public attachments.
Hope the below documents are helpful for you:
Hope everything works out well for you.
Best regards,
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.