Confluence provides REST APIs to perform a number of operations such as Create Page, Delete Page, Add Comment, Create Space, etc. However, it supports only two authentication methods for REST APIs:
- Basic Authentication
- Using Confluence as OAuth 1.0 Provider
The REST API Authentication plugin for Confluence allows you to use any third party OAuth 2.0 provider/ OpenID connect to authenticate REST APIs.
Benefits of using REST API Authentication add-on:
- Secure: This is more secure than Basic Authentication as the user’s credentials are not passed with every API request. The add-on only requires access token generated by the third party OAuth 2.0 Provider/ OpenID Connect.
- Flexible: It allows you to use any third party OAuth 2.0 provider/ OpenID Connect for authentication and not just Confluence.
- Overall Protection: The plugin can also block basic authentication requests such that no one without a valid access token can use any REST API.
- SSO Compatible: If you’re using Single Sign-On for Confluence, you can configure your Identity Provider to provide authentication for REST APIs as well.
The REST API Authentication flow involves these two simple steps:
- Request Access Token from OAuth 2.0/OIDC Provider
- Call Confluence REST API using this access token