Confluence
- 02 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
Confluence
- Updated on 02 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Connection
Confluence can be connected through either an API Token or an OAuth2 (SSO) connection.
API Token: This method does not offer scoping options for permissions granularity. An advantage is that the API Token does not expire or require renewal.
SSO Connection: In contrast, the SSO connection allows for permissions granularity. However, periodic refreshing may be required in line with Atlassian's token policy.
API Token
To create an API Token, go to the security page in the user profile section of the Atlassian UI. The API Tokens can be generated here: https://id.atlassian.com/manage-profile/security/api-tokens
SSO Connection
The SSO connection utilizes the connecting user's credentials and will request specific read scopes as part of the setup process.
read:me
offline_access
report:personal-data
read:space:confluence
read:content.property:confluence
read:content:confluence
read:content-details:confluence
read:custom-content:confluence
read:attachment:confluence
A full list of scopes and descriptions can be found here:https://developer.atlassian.com/cloud/confluence/scopes-for-oauth-2-3LO-and-forge-apps/
Supported Resources
Pages
Pages Attachments
Filtering and Selection
When connecting, you have the option to refine the index scope of the connected account by selecting specific Spaces. However, it's important to note that this does not alter the token's (credentials) scope - the token retains access to all available spaces.
Sync
Initial Connection: The integration fetches all pages and attachments from the selected spaces.
Post-Initial Sync: Updates in each space are captured by the integration every 15 minutes.
API Calls
Below is a table outlining the main endpoints used by the integration:
Endpoint | Docs | Purpose |
|---|---|---|
/rest/api/space | List spaces of the account | |
/rest/api/content/search | List and search pages and attachments within a space |
Resource Level Permissions (RLP)
RLP is implemented in Confluence to ensure that shared links adhere to the set permissions within Confluence. More information about RLP Links and other link types can be found in the provided documentation.
Prerequisite
To enable RLP mode in Confluence, our Atlassian Connect App must be installed. This app allows us to index and synchronize users and groups, enabling permission enforcement.
Installation Guide
Follow these steps to install the app:
Confluence Installation for Permission-Based Link
Sign in to your Confluence workspace. If you are already signed in and have multiple workspaces, ensure you are signed into the correct account for the intended workspace.
Go to Apps > Manage your apps
Click on Settings at the bottom of the page
Ensure that the Enable private listings and Enable development mode options are checked and hit Apply.
Refresh the page, and click on the Upload app button that appears.
Fill in the app descriptor URL -
https://confluence.unleashing.app/install/descriptor
Wait for the app to install successfully. Please let us know if the installation fails.
Scopes
The required scopes for the Connect App are:
ACT_AS_USER
READ
ACCESS_EMAIL_ADDRESSESA comprehensive list of scopes and their descriptions is available here: https://developer.atlassian.com/cloud/confluence/scopes-for-connect-apps/.
Connection
Two methods are available for connecting the RLP link:
As App User: Accesses resources based on a user created during the app installation.
As Impersonated User: Accesses resources based on the credentials of the connecting user.
Additional API Calls
Additional endpoints used for permission enforcement are listed in the table below:
Endpoint | Docs | Purpose |
|---|---|---|
/rest/api/search/user | List users connected to Confluence | |
rest/api/user/email/bulk | Match Confluence accounts with email addresses | |
/rest/api/group | List groups connected to Confluence | |
/rest/api/group/{groupId}/membersByGroupId | List all members of specific group |
Was this article helpful?