Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Confluence (Data Center): How to verify via Rest API if OAuth2 Access Token is valid?



I am currently implementing a generic Confluence Application Link with OAuth2 as described here.

In general my Groovy script that should consume the Rest API of Confluence has access via OAuth2 access token and is able to get a new access token with a refresh token.

But right now I don´t know how to verify if the current access token is still valid or should be refreshed when running the script.

I wonder if there is a OAuth2 Rest Api method for Atlassian products like mentioned here, to do such a verification. Unfortunately I did not find any hint in the Atlassian docs about this. I hope that this can be done on-the-fly and not in a way like storing the "expires_in" attribute during the generation of the access token and perform the validation against this stored attribute.

Thanks in advance & best regards,


1 answer

0 votes
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Sep 24, 2023

Hi @Christian Schlaefcke ,

in my opinion you need to invoke one of the rest api provided (as a test) using your access token and based on the response your script can figure out if the token is still valid or if a new token need to be generated again.


Hi Fabio,

I already headed in that direction and found that checking the response for something like "access denied" might not be reliable/specific enough.

In my specific situation I ended up in an infinite loop because I just fetched the exception from the Rest API Client and then triggered the refresh. But as the exception was thrown because of another reason the refresh did not succeed and so it repeated again and again ... No I stand at the point of decision: response check vs. specific token verification. And I´d still prefer the specific verification if possible.

I actually thought that explicitly checking/verifying the status of an access token would be pretty obvious and I wonder why this is not possible with Atlassian´s Rest API - whereas it seem to be available with other Rest API Solutions like Google, Microsoft, etc.

What do you think?

Best Regards, Christian

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events