Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
all
-
31
-
Severity 2 - Major
-
5
-
Description
Suggestion Description
Confluence Server REST API is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. It is a known fact that only basic authentication is supported when it comes to the API and the most secure you can get is through a MD5 hash in your request payload instead of sending your username and password as clear text.
Turns out that there are several ways to make the API more secure, like for instance, interacting with SAML/OKTA or even using a Token Based authentication in-app. The intent of this suggestion is to enable the use of resources like SAML/OKTA for the REST API or to enable a Token Based authentication to provide secure communication in between client and application.
Feature Requests for different applications
The same request already exists for Jira (JRASERVER-66872), will be released for BitBucket (BSERV-2722) and has been requested to Bamboo (BAM-12095) as well.
Sample Payload
Currently, if we want to create a page, for example, we would need to execute below call:
curl -u "adminuser:adminpassword" -X POST -H 'Content-Type: application/json' -d'{"type":"page","title":"PageAPI","space":{"key":"API"},"body":{"storage":{"value":"<p>This is a page</p>","representation":"storage"}}}' http://myconfluencebaseurl.com | python -mjson.tool
As can be seen above, we do need to send an username and password at the header of the request to have it working properly, which is considered insecure. This is what we would like to avoid.
Attachments
Issue Links
- is duplicated by
-
CONFSERVER-55421 Provide alternative authentication methods for REST API
- Closed
- relates to
-
- Closed
- was cloned as
-
-
- Closed
-
-
- Gathering Interest
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-