Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

API Token authentication failing. What am I doing wrong?

bmamlin
bmamlin
Contributor
June 5, 2025

I'm trying to use an API Token with Confluence Cloud and getting a 401 - Unauthorized error.

I created a scoped API token for Confluence, including all read scopes and the search scope. I'm trying to test this request:

curl -D- \
  -u <my-email>:<my-api-token> \
  -X GET \
  -H "Content-Type: application/json" \
  https://<my-domain>.atlassian.net/wiki/rest/api/space

I've triple-checked my API token and can see it listed as "Allowed" for my user in the Security > User API tokens admin screen. If I add a "-v" option to the curl command, I can see the authentication header and have verified the string following "Basic" exactly matches what I get with

echo -n <my-email>:my-api-token> | base64

It feels relatively straightforward, but I continue to get a "401 - Unauthorized" error with the text "The request has not been applied to the target resource because it lacks valid authentication credentials for that resource."

Our wiki is public and, if I remove the credentials, the REST call works properly. In fact, if I provide bogus credentials (e.g., "-u foo:bar") the request works. Why would adding username & API token fail as unauthorized?

We have a single identity provider using SAML SSO for our domain and I can see User API token access is allowed.

The fact that the very same REST call without credentials or with invalid credentials works and the request only fails as 401 Unauthorized when I use my API token suggests that I've got the correct credentials, but access is getting blocked by a missing scope or some policy I'm overlooking. I've included every single read + search scope for the API token and it sure looks like API tokens are enabled (the admin page literally tags the token as "allowed").

What am I doing wrong? I'm assuming it's something simple that's right in front of me that I'm missing. It wouldn't be the first time. :-)

Answer
Watch
Like Ndofunsu likes this
556 views

2 answers

1 accepted

2 votes
Answer accepted
Oliver Siebenmarck _Polymetis Apps_
Oliver Siebenmarck _Polymetis Apps_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 6, 2025

Hi @bmamlin ,

So, you've created one of those new, scoped API tokens. These are a great addition from a security perspective, but unfortunately not very well documented. Which is why you're struggling here.

So far the un-scoped tokens used an endpoint like the one you tried, but the new scoped tokens need endpoints constructed like this:

https://api.atlassian.com/ex/confluence/{cloudid}/{api} 

That endpoint should be the only change you need to make this work.

Of course, you'll need to find out the cloudid of your instance, which you can do by simply putting this into curl/your browser:

 https://{your-domain}.atlassian.net/_edge/tenant_info

And that should be it! 

Best regards,
 Oliver

View More Comments
bmamlin
bmamlin
Contributor
June 6, 2025

Thanks Oliver!

I got my cloudid by browsing to

https://{my-domain}.atlassian.net/_edge/tenant_info

That was easy! And then I used my scoped token with a Confluence URL like this:

curl -D- \
  -u <my-email>:<my-api-token> \
  -X GET \
  -H "Content-Type: application/json" \
  https://api.atlassian.com/ex/confluence/{cloudid}/rest/api/space

and it works!

Like
Reply
1 vote
Jaime Escribano
Jaime Escribano
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 6, 2025

Hi @bmamlin this might be a dumb questions but does your user have the required permissions to do the API operation you are trying to achieve?

API token is only as powerful as the user it comes from 😊

 

Im not super familiar with curl but I've had success with Postman by using Basic Authentication and pasting as plain text the user and API token

postman.png

 

Regards,

Jaime Escribano

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.