Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to get the user API token dynamically for confluence cloud for API calling? Is there any way / a

Saaket Gupta
Saaket Gupta May 15, 2023

How to get the user API token dynamically for confluence cloud for API calling? Is there any way / any API for getting API token for all the API calls? If no, are there any alternatives to Basic Auth for API calling?
The confluence cloud official documentation only mentions user email and API token for all the REST API calling and we pass and get them from our env variables. But if a new user tries to use our app, we have to update our env variables with their API token which is not possible every time a user wants to use our app integration. Thus we need to get an alternative to using API token but in the docs all the API calling have Basic Auth (user email and API token) as their auth type.

THIS IS REALLY URGENT SO IF ANYONE CAN PROVIDE US ANY INPUT ASAP IT WILL BE REALLY HELPFUL.

Answer
Watch
Like Be the first to like this
682 views

1 answer

0 votes
David Bakkers
David Bakkers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 15, 2023

I suggest you re-read the of Authentication and Authorisation section of Confluence's REST API documentation again, as it very specifically says that you should use OAuth 2.0 to do 'dynamic' authentication to achieve user impersonation, which is the only 'alternative' to calling directly against the REST API endpoints with Basic Auth and individual user tokens.

Also, you duplicated this question in the Developer Community, where you were given the same answer.

View More Comments
Saaket Gupta
Saaket Gupta May 15, 2023

Hi David,

Thank you for your response.

I have read the docs link you shared and also read the https://developer.atlassian.com/cloud/confluence/security-for-connect-apps/ docs where it is told to declare the 'authentication' type as 'jwt' in the descriptor file and then call the APIs. But I am still confused about the process. I have few doubts:

Will there be any change in the REST API endpoints? For example the below API:

--url 'https://{your-domain}/wiki/api/v2/pages/{id}/labels'

--user 'email@example.com:<api_token>'

--header 'Accept: application/json'

In the above, We are passing the email and api token as auth headers for basic auth. My question is after I declare the jwt auth type in my descriptor file, what should I pass to the above API as auth header? 

All of my app APIs are from https://developer.atlassian.com/cloud/confluence/rest/v1/intro/#about and https://developer.atlassian.com/cloud/confluence/rest/v2/intro/#about docs where only basic auth has been mentioned.

I haven't found any change in API or API calling process comparison between the Basic Auth calling and the OAuth calling. I am a bit confused on how to change my auth setup. Could you please clear my doubts?

Thanks in advance..

Like
Saaket Gupta
Saaket Gupta May 16, 2023

Hi @David Bakkers 

Thank you for your response.

I have read the docs link you shared and also read the https://developer.atlassian.com/cloud/confluence/security-for-connect-apps/ docs where it is told to declare the 'authentication' type as 'jwt' in the descriptor file and then call the APIs. But I am still confused about the process. I have few doubts:

Will there be any change in the REST API endpoints? For example the below API:

--url 'https://{your-domain}/wiki/api/v2/pages/{id}/labels'

--user 'email@example.com:<api_token>'

--header 'Accept: application/json'

In the above, We are passing the email and api token as auth headers for basic auth. My question is after I declare the jwt auth type in my descriptor file, what should I pass to the above API as auth header? 

All of my app APIs are from https://developer.atlassian.com/cloud/confluence/rest/v1/intro/#about and https://developer.atlassian.com/cloud/confluence/rest/v2/intro/#about docs where only basic auth has been mentioned.

I haven't found any change in API or API calling process comparison between the Basic Auth calling and the OAuth calling. I am a bit confused on how to change my auth setup. Could you please clear my doubts?

Thanks in advance.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events