6 new Group APIs and 2 Group API deprecations for Confluence Cloud

What are we doing?

The Confluence Cloud team has created 6 new Group APIs to enable site admins to perform CRUD operations on groups and group members. We are deprecating 2 existing Group APIs that are replaced by the new APIs.

During the deprecation period, the old APIs will still work, but we strongly recommend using the new APIs and we will redirect documentation links accordingly.

APIs to be deprecated:

• Get group

  • GET /wiki/rest/api/group/{groupName}
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-groupname-get
  • Deprecation date: January 28, 2021

• Get group members

  • GET /wiki/rest/api/group/{groupName}/member
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-groupname-member-get
  • Deprecation date: January 28, 2021

APIs already added:

• Get group

  • GET /wiki/rest/api/group/by-name
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-by-name-get

• Get group members

  • GET /wiki/rest/api/group/member
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-member-get

• Create new user group

  • POST /wiki/rest/api/group
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-post

• Delete user group

  • DELETE /wiki/rest/api/group
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-delete

• Add member to group

  • POST /wiki/rest/api/group/user
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-user-post

• Remove member from group

  • DELETE /wiki/rest/api/group/user
  • https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-user-delete

Examples:

Instead of specifying the group name in path parameters /wiki/rest/api/group/{groupName}, group names can be specified in the query parameters when requesting to /wiki/rest/api/group/by-name?name={groupName}

Same case for retrieving members of a group.

Hi,
Is this Get Group Member endpoint deprecated for OAuth2.0(3LO)?
https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-groupid-membersbygroupid-get

GET /wiki/rest/api/group/{groupId}/membersByGroupId

OAuth scope is not listed in the document and when trying to hit the API it gives 401, Unauthorized scope does not match error.

Hi @samsaas,

This API was added after my initial announcement. I reached out to the team that created this to update our documentation to include the OAuth scope.

I can see that it is now added to our documentation, can you try using that API again with read:confluence-groups OAuth scope?

Hi @Andrew.Ngo,

It still does not seems to work. I have added all the scopes in Confluence app management page to my app.
And using the token generated, I am able to get the groups (https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-get)
But using the same token, it still gives me 401 error for GET /wiki/rest/api/group/{groupId}/membersByGroupId

Whereas the get group members by name endpoint (https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-member-get)
works fine with the same token.

In addition to this I get the same error for these endpoints too :
https://developer.atlassian.com/cloud/confluence/rest/api-group-users/#api-api-user-memberof-get

https://developer.atlassian.com/cloud/confluence/rest/api-group-group/#api-api-group-userbygroupid-delete

Hi @Andrew.Ngo,

Could you please confirm if this is a limitation on the API’s using group Id and OAuth scope as I have tested the corresponding API with group-name parameters and those seem to work fine with OAuth using the same scope?

Working on this further, I have found that the issue is not with the OAuth scope but the URL used for OAuth 2.0(3LO).
Referring this document : https://developer.atlassian.com/cloud/confluence/oauth-2-3lo-apps/

which says when using OAuth2.0(3LO), we need to construct the URLs in this format: https://api.atlassian.com/ex/confluence/{cloud-id}/{api}
but this format for the group-id APIs and user APIs gives 401: scope does not match error.

On the other hand, changing the url to :
https://your-domain.atlassian.net/{api} with the Access Token generated, works fine for all the APIs including group-id and user APIs.

Please confirm if this is a planned change(not reflected in the document) or still under development?

@samsaas, thanks for the insight. This API was not part of the original announcement and still under development. I have contacted the team that created this API of your comments and will have them follow up when ready.

Let me also share this reply since this has been brought to my attention recently:

Thank you,
Caterina

Hi @ccurti,
As per my testing then, although the response returned ‘401’, the issue was not the scope added to the app, but the Base URL itself.
As, switching the Base URL from api.atlassian.com to the org URL worked fine for all APIs then.

However, the case is not the same anymore. so this issue is not reproducible now.

Hi @SheetalShetty1 ,
Are the Confluence Cloud APIs not supporting org Url(domain URL) for OAuth2.0 (bearer token) anymore? Because I am facing this issue -
Base Url as mentioned in the documentation - api.atlassian.com is working but domain Url is not with OAuth 2.0 Authentication.

Hi @ShwetaGulati,

Please refer to update made recently on this change.