This documentation does not include all REST API endpoints. Please contact support if you need REST API access not documented here. All REST API endpoints are available in the REST API Browser.

Using the REST API Browser

Confluence Data Center includes a built-in REST API Browser to see all the REST API endpoints available in your instance, including those provided by Security for Confluence. Follow Atlassian’s instructions for Using the REST API Browser first, to ensure that you can access it.

To see all Security for Confluence REST endpoints, ensure that “Show only public APIs” is unchecked, and search for security/.

Authentication and basic parameters

Reference the Confluence REST API for Confluence’s built-in REST API, which is useful for getting lists of Spaces, content IDs in spaces, and so forth.

All requests use HTTP basic authentication, which most clients support natively, including Python's requests library and curl.

All the URLs in the examples below are relative to the address of the Confluence instance.

Disabling XSRF checks

Some of these API calls will fail by default if called from a host that is not part of the Confluence instance. To enable calling these APIs remotely, you may add the following header as documented here:

Example (curl):

curl -u admin -H "X-Atlassian-Token: no-check" "$URL"

Example (Python):

import requests

# url, username and password are supplied by the caller
disable_xsrf_checks_header = {
    "X-Atlassian-Token": "no-check"
}
requests.get(url, auth=(username, password), headers=disable_xsrf_checks_header)

Running Scans and Getting Results

You must be a space administrator to run scans and get scan results.

Getting Scan Results for a Space

curl -u admin "https://{confluence-address}/rest/security/latest/scan/space/{key}?page={page}&size={size}&reviewed={reviewed}"

where

  • key is the case-sensitive key for the space in question,

  • page is the 0-indexed page of findings results to fetch,

  • size is an optional parameter to specify the number of results per page to fetch, and

  • reviewed is an optional parameter that filters findings by whether they have been reviewed. If omitted, both reviewed and unreviewed findings are returned.

Confluence Space keys are case-sensitive. You can verify the case of the space key on the space details page.

Getting Scan Results for a Content Version

curl -u admin "https://{confluence-address}/rest/security/latest/scan/content/{id}?createdWhen={createdWhen}&reviewed={reviewed}&page={page}&size={size}"

where

  • id is the content ID,

  • createdWhen is when the version of the content was created (e.g., 2021-08-15T17:54:36.860-05:00),

  • page is the 0-indexed page of findings results to fetch,

  • size is an optional parameter to specify the number of results per page to fetch, and

  • reviewed is an optional parameter that filters findings by whether they have been reviewed. If omitted, both reviewed and unreviewed findings are returned.
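The two results endpoints above take a case-sensitive space key and a createdWhen timestamp, both of which must be percent-encoded when the URL is built programmatically: a `+` UTC offset left raw in a query string is commonly decoded as a space. The following is an added example, not code from the Security for Confluence documentation; the host confluence.example.com and all function names are assumptions, and nothing is sent over the network.

```python
import base64
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

API_ROOT = "/rest/security/latest"  # prefix shared by the endpoints on this page


def _url(base_url, path, params):
    # Basic auth is only base64-encoded, so refuse anything but HTTPS.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("basic authentication requires an https:// base URL")
    # Drop optional parameters that were not supplied; booleans become true/false.
    clean = {k: str(v).lower() if isinstance(v, bool) else v
             for k, v in params.items() if v is not None}
    query = "?" + urlencode(clean) if clean else ""
    return base_url.rstrip("/") + API_ROOT + path + query


def space_results_url(base_url, key, page=0, size=None, reviewed=None):
    # Space keys are case-sensitive: encode, never normalise case.
    return _url(base_url, "/scan/space/" + quote(key, safe=""),
                {"page": page, "size": size, "reviewed": reviewed})


def content_version_results_url(base_url, content_id, created_when,
                                page=0, size=None, reviewed=None):
    # urlencode escapes ':' and '+' in createdWhen; a raw '+' offset would
    # otherwise be decoded as a space on the server side.
    return _url(base_url, "/scan/content/" + quote(str(content_id), safe=""),
                {"createdWhen": created_when, "reviewed": reviewed,
                 "page": page, "size": size})


def build_request(url, username, password, method="GET"):
    # Same two headers as the curl examples: Basic auth plus the XSRF opt-out.
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return Request(url, method=method, headers={
        "Authorization": "Basic " + token,
        "X-Atlassian-Token": "no-check",
    })


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    url = content_version_results_url("https://confluence.example.com", 123456,
                                      "2021-08-15T17:54:36.860+05:30", size=50)
    print(build_request(url, "admin", "placeholder-password").full_url)
```

Pass the returned Request to urllib.request.urlopen to send it, or reuse the URL builders with any other HTTP client.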

Getting the Export Report for All Spaces the User can Administer

curl -u admin "https://{confluence-address}/rest/security/latest/export/findings"

Getting the Export Report for a Space

curl -u admin "https://{confluence-address}/rest/security/latest/export/space/{key}/findings"

where

  • key is the case-sensitive key for the space in question.

Scanning a Space

curl -u admin -X POST "https://{confluence-address}/rest/security/latest/scan/space?key={key}"

where

  • key is the case-sensitive key for the space in question.

Scanning the Full History of a Piece of Content

curl -u admin -X POST "https://{confluence-address}/rest/security/latest/scan/content?id={id}"

where

  • id is the content ID.

Scanning a Single Content Version

curl -u admin -X POST "https://{confluence-address}/rest/security/latest/scan/content/version?id={id}&createdWhen={createdWhen}"

where

  • id is the content ID, and

  • createdWhen is when the version of the content was created (e.g., 2021-08-15T17:54:36.860-05:00).

Scanning Rules

You must be a Confluence administrator to view and modify scanning rules.

Get a List of All Scanning Rules

curl -u admin "https://{confluence-address}/rest/security/latest/rules"

Enable or Disable a Built-in Scanning Rule

curl -u admin -X PUT "https://{confluence-address}/rest/security/latest/rules/built-in/{name}?enabled={enabled}"

where

  • name is the name of the rule in question (e.g., AWS_CLIENT_ID – these rule names appear on the settings page obtained via Enabling and Disabling Global Scanning Rules), and

  • enabled is the desired rule state, true or false.

Reviewing Findings

You must be a space admin to review findings. For more information, see Hiding false positives, revoked credentials, etc.

Reviewing a Finding

curl -u admin -X POST -H "Content-Type: application/json" "https://{confluence-address}/rest/security/latest/review/space/{key}/create" --data '{"matchText":"$MATCH","ruleName":"$RULENAME"}'

where

  • key is the case-sensitive key for the space in question,

  • $MATCH is the exact string to be reviewed, and

  • $RULENAME is the name of the rule which generated this finding.

Un-reviewing a Finding

curl -u admin -X POST -H "Content-Type: application/json" "https://{confluence-address}/rest/security/latest/review/space/{key}/delete" --data '{"matchText":"$MATCH"}'

where

  • key is the case-sensitive key for the space in question, and

  • $MATCH is the exact string to be reviewed.

Deleting all Reviewed Findings for a Space

curl -u admin -X DELETE "https://{confluence-address}/rest/security/latest/review/space/{key}?confirm=true"

where

  • key is the case-sensitive key for the space in question, and

  • confirm must be true to complete the operation.

Exporting Findings

You can export findings to a CSV file either for a particular space or all spaces for which you are an admin.

For a Particular Space

curl -u admin "https://{confluence-address}/rest/security/latest/export/space/{key}/findings"

where

  • key is the case-sensitive key for the space in question.

For All Spaces

curl -u admin "https://{confluence-address}/rest/security/latest/export/findings"