Hey! Hoping someone can help me shed some light into what might be going on.
Background: I am trying to build a forge merge check app that will enforce a PR has 2 approvals from reviewers in a certain group.
I'm making a few different API calls, mostly using the BB API asApp(). I'm also calling the groups endpoint (https://api.bitbucket.org/1.0/groups/{workspaceUuid}/{groupSlug}/members) using basic auth (base64 encoded UN:APP_PASS).
I have the code written, and when testing through "forge tunnel" it is working as expected! However, when I am testing the true development version without tunneling, I am getting a "403 - forbidden" back from the groups endpoint.
I confirmed it is not an app password permissions issue, as a CURL request to the endpoint works fine.
We do have IP allowlisting setup for our workspace. I tested hitting the endpoint off our network and receive a "403 - an admin must whiteslist your IP". However I see a different error message when the forge app is running, leading me to believe it isn't an IP whitesliting issue.
In the forge app manifest, I am allowing calls to the bitbucket API through the external desigantion: ```
permissions:
    external:
        fetch:
            backend:
                - 'https://api.bitbucket.org'
```
Any thoughts as to what might be going on?
Hi @Jeroen De Raedt thanks for the info!
I was able to find that there are many Bitbucket API endpoints not yet available through Forge. I assumed this meant they are not supported via the Forge API requestBitbucket() method, but would still be available when treated as an external API.
So to confirm, the only Bitbucket REST API endpoints that a Forge App can hit, regardless of how they are called, are the endpoints with Forge App scopes?
Correct @John Michael Hayde. However, these APIs should cover most capabilities. Let us know if there is something missing!
@JER Thanks for confirming! I'm trying to check if a user is a member of a certain group. Based on the endpoints supported for Forge, it doesn't look like this is possible. Can get all users in a workspace, but that info doesn't include group membership.
I also looked into looking this up by the user endpoints, but it doesn't look like those contain group membership info or are available from Forge apps.
Let me know if there is another way to get this info however. Thank you!
Hello, does this mean that the Forge fetch filters other URLs, too? I am trying to get data from an external URL, and as a test, I am using https://example.net/.
However, I always receive a 403...
Here are my permissions:
permissions:
scopes:
- 'read:jira-work'
external:
fetch:
backend:
- 'example.net'
client:
- 'example.net'
Here is my call...
const templateResult = await fetch(
"https://example.net/"
);
console.log(templateResult);
Here is the result:
[Symbol(Response internals)]: {
url: 'https://example.net/',
status: 403,
statusText: 'Forbidden',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 0
}
@Jason Peterson, native Forge only allows interactions within the Atlassian platform. You can integrate with remote domains through Forge remote: https://developer.atlassian.com/platform/forge/remote/