Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources
  • Community
  • Q&A
  • Jira
  • Questions
  • Seeking guidance: How to access Forge Storage data from external systems via webhook or equivalent p

Seeking guidance: How to access Forge Storage data from external systems via webhook or equivalent p

Pedro Morocho
Pedro Morocho
June 5, 2025

Hello community,

I've been reviewing the official Forge documentation, specifically around web triggers and the Storage API. Based on that reading, I'm trying to understand if there's a recommended approach to expose or retrieve data stored in Forge Storage from external (non-Atlassian) systems, ideally through a webhook or similar mechanism.

Goal

I would like to establish a secure and structured way to retrieve previously stored data in Forge’s Storage API from an external service, using an incoming HTTP call (similar to a webhook or custom API endpoint).

Desired Data Flow (Text Diagram)

 

 +----------------------+
| External System |
+----------------------+
                 |
[HTTP GET/POST Request]
                 |
                 v
+------------------------+
| Forge Web Trigger |
| (Validates + Routes) |
+------------------------+
                 |
[Calls storage.get(key)]
                 |
                v
+------------------------+
| Forge Storage API |
| (Returns stored data) |
+------------------------+
                 |
[JSON response with data]
                 |
                 v
+----------------------+
| External System |
+----------------------+
 

What I’ve found so far

  • I can define a webtrigger in Forge and receive external requests.

  • The function invoked by the trigger can access data via storage.get(...).

  • However, web triggers have no authentication by default, so any secure interaction must be implemented manually.

  • I haven’t found any examples or documentation suggesting a recommended pattern for exposing Forge storage data externally in a secure way.

  • I'm also not sure if there's anything on the Forge roadmap regarding this type of integration.

My Questions for the Community

  1. Is there any officially recommended or secure way to expose Forge Storage data to external systems?

  2. Are there any architectural patterns or examples that demonstrate this kind of usage?

  3. Has Atlassian considered support for authenticated external access to Forge Storage (e.g. via token-authenticated API routes)?

  4. Is there additional documentation or best practices I should look into for this use case?

- https://developer.atlassian.com/platform/forge/remote/
- https://developer.atlassian.com/platform/forge/runtime-reference/storage-api/
- https://developer.atlassian.com/platform/forge/manifest-reference/modules/web-trigger/
- https://community.developer.atlassian.com/t/rest-api-call-from-forge-app-as-user/85376
- https://community.atlassian.com/forums/Automation-questions/Unable-to-Create-Webhooks-via-API-in-Forge-App/qaq-p/2730140
- https://community.developer.atlassian.com/t/how-to-call-external-api-using-forge-app/77741
- https://community.developer.atlassian.com/t/user-created-event-for-forge-webhooks/75039
- https://www.alphaservesp.com/blog/atlassian-forge-everything-you-need-to-know
- https://community.developer.atlassian.com/t/lets-chat-about-connect-webhooks-forge-events/56740
- https://developer.atlassian.com/platform/forge/events-reference/web-trigger/
- https://developer.atlassian.com/platform/forge/runtime-reference/storage-api/

Answer
Watch
Like Dave Liao likes this
1327 views

1 answer

0 votes
Mercy
Mercy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
December 9, 2025

Forge does not currently provide a native, token-authenticated REST endpoint for direct external access to Storage API data, so the secure pattern is to wrap that access in a [web trigger module](https://developer.atlassian.com/platform/forge/manifest-reference/modules/web-trigger/) that implements your own authentication layer. A web trigger can invoke `storage.get()` within its handler to retrieve the stored values, but because web triggers are publicly reachable URLs without built‑in auth, you must enforce security in code — for example by requiring a shared secret in the request payload or headers, validating an HMAC signature, or checking an OAuth/JWT token before returning any data.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security