Confluence Cloud API - 403

reg · August 23, 2017, 3:42pm

I’m having trouble with using the AP.request method in the Javascript client.

I have created a Plugin which shows a custom page (general page) inside Jira.

From this page, I want to create a Confluence content page via the AP.request method of the Javascript client.

Working with the JIRA API via AP.request works fine, but when I try to call any method of the Confluence API it always fails with 403, no matter the endpoint I’m using.

Here is an example request that fails:

const data = {
          title: "test",
          "type": "page",
          "space": {
            "key": 'REL',
          },
          "body": {
            "storage":{
              "value": "<p>TEST TEST</p>",
              "representation": "storage",
            },
          },
};

AP.request({
        type: 'PUT',
        contentType: 'application/json',
        url: '/wiki/rest/api/content',
        data: JSON.stringify(data),
        success: (resp) => {
          console.log(resp);
        },
        error: (xhr, status, err) => {
          console.log(status);
        },
      });

What am I doing wrong here?

Do I need to specifically request a scope for Confluence in the addon descriptor?

Do I need to enable something in the settings?

sahal.saad · August 23, 2017, 11:09pm

Can you try with full url if it work .

iragudo · August 23, 2017, 11:44pm

Hi, @reg.

There are specific scopes necessary to invoke specific endpoints. Check this page which defines which scope is necessary for specific REST methods of an endpoint. Since you’re using PUT for /rest/api/content you would be needing a WRITE scope.

As for the URL, I believe you should drop /wiki and start with /rest.

Cheers!
Ian

reg · August 24, 2017, 7:09am

Hey, my plugin has the “READ”, “WRITE” and “IMPERSONATE_USER” scopes, and creating things with the Jira API is not a problem.

The problem only occurs with Counfluence API endpoints.

Also, the user that is active is an admin user, so the permissions should all be there.

The weird thing is that I’m not even getting a JSON error for the 403, but a HTML page.

Regarding the URL, don’t I need the /wiki when talking to the Confluence API rather then the Jira one?

Edit: I have verified that I can use the Confluence API just fine with CURL (but only with basic auth).

Is it just not possible to access the Confluence API from a Jira custom page?

david.pinn · August 24, 2017, 12:06pm

I suspect that the AP JavaScript object has been downloaded from JIRA, and therefore tries to contact JIRA when you call AP.request.

sahal.saad · August 24, 2017, 1:08pm

Maybe the scope only for jira.
The JWT/auth used in AP.request only for you to call the Jira REST only.
You don’t have permission to call Confluence REST
I tried your code and get the same error.
HTTP Status 403 - The add-on is not installed

iragudo · August 24, 2017, 11:47pm

Hi, @reg.

I missed the part wherein it states that it should be accessed inside a JIRA add-on, my bad. Sad to say, this existing issue says that

AP.request() does not allow the targeting of requests to other products for the same customer.

and I’m not sure of any existing workarounds using JWT.

One possible route to take is to create two different add-ons that can/will access the same add-on DB. Then work out a way to note that the owner of the Confluence and JIRA instances are the same (yourinstance.atlassian.net and yourinstance.atlassian.net/wiki) which can be usually achieved by generating a token on one (JIRA) and add to the configuration of the other (Confluence). I have not personally tried this route but it looks plausible, on paper at least.

avelit · October 27, 2017, 1:59pm

Hi iragudo

could you please clarify your route?
I have 2 plugins (wiki & jira) on 1 base
on install I iterate over all records to find clientKey & sharedSecret and store them
now I can create jwt.
But it is useless, I can access only another plugin using jwt (if origin added to ALLOW_ORIGIN, but I can acess it in more simple way)
I can not access neither Jira no Confluence:
Failed to load https://domain.atlassian.net/rest/api/2/field:
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Origin ‘https://3681aa86.ngrok.io’ is therefore not allowed access.

the reason is we are in iframe

the only possibility is go to another plugin backend, do requests and response, but it seems too long

so could you please clarify possible route step by step.

Thank you

iragudo · November 6, 2017, 5:56am

Hello, @avelit.

After further reading, I stumbled upon this cross-product add-ons issue and I’m afraid my previous suggestion, which I think was plausible, wasn’t really.

Apologies for the confusion.

11142 · August 11, 2020, 11:54am

I’m having this 403 issue when trying to implement an admin page module for my Confluence connect app. The scope contains “READ”, “WRITE”, “ADMIN”.

When trying to do a post request with AP.request from the admin page, I get a 403.
However when I do a post request with AP.request at the Confluence page where I added my macro, it works.

Is there something I have missed?