Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

403 Forbidden Calling BitBucket REST API in Forge App

John Michael Hayde
John Michael Hayde April 22, 2024

Hey! Hoping someone can help me shed some light into what might be going on. 

 

Background: I am trying to build a forge merge check app that will enforce a PR has 2 approvals from reviewers in a certain group. 

 

I'm making a few different API calls, mostly using the BB API asApp(). I'm also calling the groups endpoint (https://api.bitbucket.org/1.0/groups/{workspaceUuid}/{groupSlug}/members) using basic auth (base64 encoded UN:APP_PASS). 

 

I have the code written, and when testing through "forge tunnel" it is working as expected! However, when I am testing the true development version without tunneling, I am getting a "403 - forbidden" back from the groups endpoint. 

 

I confirmed it is not an app password permissions issue, as a CURL request to the endpoint works fine. 

 

We do have IP allowlisting setup for our workspace. I tested hitting the endpoint off our network and receive a "403 - an admin must whiteslist your IP". However I see a different error message when the forge app is running, leading me to believe it isn't an IP whitesliting issue.

 

In the forge app manifest, I am allowing calls to the bitbucket API through the external desigantion: ```

permissions:
    external:
        fetch:
            backend:
                - 'https://api.bitbucket.org'

```

 

Any thoughts as to what might be going on? 

Answer
Watch
Like Be the first to like this
1215 views

1 answer

Suggest an answer

Log in or Sign up to answer
1 vote
Jeroen De Raedt
Jeroen De Raedt
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 22, 2024

Hi @John Michael Hayde

only a subset of the Bitbucket REST APIs are available through Forge. Specifically the ones that have Forge app scopes: https://developer.atlassian.com/cloud/bitbucket/rest/intro/#forge-app-scopes 

The API you referenced (https://api.bitbucket.org/1.0/groups/{workspaceUuid}/{groupSlug}/members) is not supported.

Maybe try this API: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-workspaces/#api-workspaces-workspace-members-get

I hope this helps? 

View More Comments
Reply
John Michael Hayde
John Michael Hayde April 23, 2024

Hi @Jeroen De Raedt thanks for the info! 

 

I was able to find that there are many Bitbucket API endpoints not yet available through Forge. I assumed this meant they are not supported via the Forge API requestBitbucket() method, but would still be available when treated as an external API. 

 

So to confirm, the only Bitbucket REST API endpoints that a Forge App can hit, regardless of how they are called, are the endpoints with Forge App scopes? 

Like
Jeroen De Raedt
Jeroen De Raedt
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 23, 2024

Correct @John Michael Hayde. However, these APIs should cover most capabilities. Let us know if there is something missing! 

Like
John Michael Hayde
John Michael Hayde April 24, 2024

@JER Thanks for confirming! I'm trying to check if a user is a member of a certain group. Based on the endpoints supported for Forge, it doesn't look like this is possible. Can get all users in a workspace, but that info doesn't include group membership.

 

I also looked into looking this up by the user endpoints, but it doesn't look like those contain group membership info or are available from Forge apps.

 

Let me know if there is another way to get this info however. Thank you! 

Like
Jason Peterson
Jason Peterson
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 4, 2024

Hello, does this mean that the Forge fetch filters other URLs, too? I am trying to get data from an external URL, and as a test, I am using https://example.net/.

However, I always receive a 403...

Here are my permissions:

permissions:
  scopes:
    - 'read:jira-work'
  external:
    fetch:
      backend:
        - 'example.net'
      client:
        - 'example.net'

Here is my call...

const templateResult = await fetch(
  "https://example.net/"
);

console.log(templateResult);

Here is the result:

[Symbol(Response internals)]: {
url: 'https://example.net/',
status: 403,
statusText: 'Forbidden',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 0
}

Like
Jeroen De Raedt
Jeroen De Raedt
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 4, 2024

@Jason Peterson, native Forge only allows interactions within the Atlassian platform. You can integrate with remote domains through Forge remote: https://developer.atlassian.com/platform/forge/remote/ 

Like
groups-icon
Forge for Bitbucket Cloud
TAGS
AUG Leaders

Atlassian Community Events

    See all events