How to validate email and token in external API to make sure call came from JIRA forge app only

Ritesh Khatri February 21, 2024

we have created forge app and need to call external API to get some information of our external API. We have implemented authentication before return the response. How we make sure the API is called from JIRA forge app only.

1 answer

0 votes
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2024

Hi @Ritesh Khatri. If your external API utilizes OAuth 2.0, there see the Forge docs on external authentication.

Additionally, you can have your external API service check the hostname/IP address of the incoming request (from Atlassian). See this page for IP addresses and domains for Atlassian cloud products.

Ritesh Khatri March 14, 2024

thanks for answering.


the link you have gave that is part of the forge app code. But my concern is calling external API. In which i want to authenticate in external API which developed in node.js or .net core. Where i can validate the token is valid or called from the valid JIRA forge app call.



Suggest an answer

Log in or Sign up to answer
Site Admin
AUG Leaders

Atlassian Community Events