Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-54412

REST API - Improved HTTP Authentication

XMLWordPrintable

      Suggestion Description

      Confluence Server REST API is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. It is a known fact that only basic authentication is supported when it comes to the API and the most secure you can get is through a MD5 hash in your request payload instead of sending your username and password as clear text.

      Turns out that there are several ways to make the API more secure, like for instance, interacting with SAML/OKTA or even using a Token Based authentication in-app. The intent of this suggestion is to enable the use of resources like SAML/OKTA for the REST API or to enable a Token Based authentication to provide secure communication in between client and application.

      Feature Requests for different applications

      The same request already exists for Jira (JRASERVER-66872), will be released for BitBucket (BSERV-2722) and has been requested to Bamboo (BAM-12095) as well.

      Sample Payload

      Currently, if we want to create a page, for example, we would need to execute below call:

      curl -u "adminuser:adminpassword" -X POST -H 'Content-Type: application/json' -d'{"type":"page","title":"PageAPI","space":{"key":"API"},"body":{"storage":{"value":"<p>This is a page</p>","representation":"storage"}}}' http://myconfluencebaseurl.com | python -mjson.tool

      As can be seen above, we do need to send an username and password at the header of the request to have it working properly, which is considered insecure. This is what we would like to avoid.

          Form Name

            [CONFSERVER-54412] REST API - Improved HTTP Authentication

            Cathy S made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 892399 ]
            Cathy S made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 883572 ]
            Rob made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 565130 ]
            Makisa Appleton made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 505026 ]
            Matthew Saxby (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Long Term Backlog [ 12073 ] New: Closed [ 6 ]
            SET Analytics Bot made changes -
            UIS Original: 10 New: 5
            SET Analytics Bot made changes -
            UIS Original: 14 New: 10
            SET Analytics Bot made changes -
            UIS Original: 15 New: 14
            Thiago Masutti made changes -
            Link New: This issue relates to CONFSERVER-57389 [ CONFSERVER-57389 ]
            Brendan McNamara made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 511035 ]

              bmcnamara Brendan McNamara
              mhorlle Marcelo Horlle
              Affected customers:
              27 This affects my team
              Watchers:
              31 Start watching this issue

                Created:
                Updated:
                Resolved: