Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

rest api: access to new page (unpublished, never published) forbidden 403


Hello, I want to work with attachments - via REST API - at new confluence page. (Never published.)

URL of such page:

Result - http 403 - forbidden. (Or 404 not found.)

I tried:

POST /rest/api/content/109215748/child/attachment?status=draft ... 403 forbidden
POST /rest/api/content/109215748/child/attachment ... 404 not found
GET /rest/api/content/109215748?status=draft ... 403 forbidden
GET /rest/api/content/109215748 ... 404 not found
GET /rest/api/content/109215748/child/attachment?filename=xxx ... 403 forbidden
GET /rest/api/content/109215748/child/attachment?filename=xxx&status=draft ... 403 forbidden


We call confluence REST API from addon running in Tomcat - signing via JWT.

"scopes": ["read", "write", "delete"]

Also tried with

"scopes": ["admin"]

The same calls on published page works fine:

GET /rest/api/content/65538/child/attachment?filename=xxx ... OK http 200
GET /rest/api/content/65538/child/attachment?filename=xxx&status=draft ... OK http 200

Both pages (unpublished and published) where created by myself via "+" (blueprint dialog) as empty. (I filled a caption and put a simple sentence.)

More over, after I have published the page 109215748, the same REST APIs started to work.



We are developing plugin Xyz for cloud. (There is already working Xyz for server Confluence.)

The plugin lets users to save data. Data is saved as confluence attachment.

The plugin also lets users to save data at new - never published page.

The plugin Xyz for server-confluence works fine - saving attachment at unpublished page works.
I would like the plugin Xyz for cloud to work fine as well.


Can you help me?

1 answer

1 accepted

1 vote
Answer accepted

For anyone still struggling with this: we managed to retrieve an unpublished page (Draft) by making a user impersonated call ( instead of JWT. Also manipulating with attachments works fine with user impersonation as soon as you append `status=draft` to the url.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence Cloud

🏠 Say hello to the new Confluence Home!

Hi Atlassian Community, My name is DJ Chung, and I’m a Product Manager on the Confluence Cloud team. Today, I’m excited to share a new and improved version of Home. The new Home helps you ...

985 views 7 42
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you