Rate this page:

Permissions

The permissions section of the manifest.yml file controls your app's access to remote resources.

OAuth 2 scopes

The scopes list declares which OAuth 2 scopes are required by your app when using the authenticated Product Fetch APIs.

Example

Define each scope on a new line. Your app should use the minimum set of scopes required.

1
2
3
4
permissions:
  scopes:
    - 'read:confluence-content.summary'
    - 'write:jira-work'

If your app requires no OAuth 2 permissions, you must provide an empty scopes list as in the example below.

1
2
permissions:
  scopes: []

Note, Forge apps deployed in the development environment always receive all available OAuth 2 scopes.

Forge scopes

Certain platform features, such as the App storage API, are also authenticated using OAuth 2.

ScopeDescription
storage:appEnables the App storage API.

Product scopes

In addition to the reference tables below, you can find the required scopes in each product's REST API documentation on a per-operation basis in the OAuth scopes required field. Note, not all operations support OAuth 2 authentication.

Confluence Cloud

The Confluence Cloud REST API scopes.

ScopeDescription
read:confluence-content.allRead all content, including content body (expansions permitted).
Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary.
read:confluence-content.summaryRead a summary of the content, which is the content without expansions.
Note, APIs using this scope may also return data allowed by read:confluence-space.summary. However, this scope is not a substitute for read:confluence-space.summary.
write:confluence-contentCreate pages, blogs, comments, and questions.
read:confluence-space.summaryRead a summary of space information without expansions.
write:confluence-spaceCreate, update, and delete space information.
write:confluence-fileUpload attachments.
read:confluence-propsRead content properties.
write:confluence-propsWrite content properties.
search:confluenceSearch Confluence.
Note, APIs using this scope may also return data allowed by read:confluence-space.summary and read:confluence-content.summary. However, this scope is not a substitute for read:confluence-space.summary or read:confluence-content.summary.
manage:confluence-configurationManage global settings.

Jira Cloud platform

The Jira Cloud REST API scopes.

ScopeDescription
read:jira-userView user information in Jira that you have access to, including usernames, email addresses, and avatars.
read:jira-workRead project and issue data, and search for issues and objects associated with issues, such as attachments and worklogs.
write:jira-workCreate and edit issues in Jira, post comments, create worklogs, and delete issues.
manage:jira-projectCreate and edit project settings, and create new project-level objects, such as versions and components.
manage:jira-configurationConfigure Jira settings that require Jira administrator permissions, such as create projects and custom fields, view workflows, and manage issue link types.

Rate this page: