Forbidden (403) when trying to access /rest/api/1.0/search with atlassian connect express

CK November 8, 2014

I am trying to follow the examples for atlassian connect express

...
	"scopes": ["READ"],
	"modules": {
	"generalPages": [
	{
		"key": "activity-page-jira",
		"location": "system.top.navigation.bar",
		"name": {
			"value": "test activity"
		},
		"url": "/test-activity",
		"conditions": [{"condition": "user_is_logged_in"}]
...

JS-Code in index.js

...
app.get('/test-activity', addon.authenticate(), function (req, res) {
	var httpClient = addon.httpClient(req);
	httpClient.get('/rest/api/1.0/search', function(err, res, body) {
		console.log(res);
	});
	...
}
...

Error in JIRA log:

 Request not in an authorized API scope from add-on

 

 

2 answers

3 votes
CK November 8, 2014

The error message is a bit misleading. Figured it out 5 min after posting the question. Leaving it here for reference.

Turns out the version of the service was wrong. Works with 

/rest/api/latest/search

Make sure to double check the list here for version and call you want to use:

https://developer.atlassian.com/static/connect/docs/scopes/jira-rest-scopes.html

0 votes
Anton Maslo July 2, 2015

Also note that only the API that is included in the list of JIRA / Confluence scopes is exposed for Connect addons: https://developer.atlassian.com/static/connect/docs/latest/scopes/jira-rest-scopes.html

So I am getting a 403 on /rest/webhooks/1.0/webhook API (on "latest" too), and looks like it is the way it is supposed to work—even though a direct request via CURL works fine.

I gathered this information from several responses in the Google Group for Atlassian-Connect-Dev, for example: https://groups.google.com/forum/#!searchin/atlassian-connect-dev/addon$20scope/atlassian-connect-dev/SYRXJo1SyDo/9Z6v8ndwclEJ

Suggest an answer

Log in or Sign up to answer