Is there a way, using basic authentication to the REST API, for an admin to access other users’ private Confluence items?
Some background:
We’re prototyping a feature in our archiving/indexing product which would allow customers to archive and search all of their Confluence data (among other sources). The instance of Confluence in question may be cloud or on-site, depending on the customer.
The backup tool ( /wiki/plugins/servlet/ondemandbackupmanager/admin ) would be interesting, except that it is restricted to running only once per 24 hours. It also appears that the underlying call ( /wiki/rest/obm/1.0/runbackup ) is undocumented, and perhaps not intended for external or automated use.
Basic Auth using a site administrator’s account looks to be the ideal way for us to access the REST API and download documents. This way, our users can configure authentication once and let our software regularly download content.
However…
Unlike the backup tool, the REST API does not show other users’ private items, even to the administrator. This seems like a bug; perhaps there is something we could add to our requests to make regular users’ private items visible?
There is user impersonation, in the UI and available to Connect Apps, but it’s out of the question to ask each of our customers who wants Confluence functionality to set up their own Connect App. (Our products run on-site for most customers; we have no one central service which everybody would connect through.) It would also not be acceptable to notify every user each time a crawl is done. Finally, short-lived OAuth tokens are not a good fit for our use case of our customer configuring access to their Confluence once, and our product then downloading the data non-interactively.
So, that brings us back to my original question, with a follow-up:
Is there a way, using basic authentication, for an admin to view other users’ private Confluence items via the REST API?
If not, is the backup tool something which could be used automatically? We could probably live with once per day if we had to, but we don’t want to abuse an unsupported API call.
Since the site administrator can log in and create a backup of all Confluence data, including other users’ private items, it feels like a bug that the same data cannot be accessed by the same administrator through the REST API. Our hope is that in fact it can, and we’ve just missed some important parameter or endpoint or setting, etc. (And, if not, we’re all ears for alternate approaches.)
Thanks in advance!