Confluence Cloud migration mapping endpoint fails on using the `transferId` provided by Confluence Cloud Migration Assistant

Hi devs,

Our team has been working lately on a migration through Confluence Cloud Migration Assistant and we wanted to do mapping for the users and groups existing on a Confluence server instance to Confluence cloud instance corresponding users/user groups, we tried to use this mapping api https://your-site.atlassian.net/rest/atlassian-connect/1/migration/mapping/{transferId}/page?namespace=identity:user but for some reason we hit a 403 whenever we use the transferId that returns from the migration notification send by the Confluence Cloud Migration Assistant webhook.
In summary we need to know what is the proper way to handle mapping in a post migration processing that mostly will happen on front end to handle users and user groups?

1 Like

Hi @hazem.gharib,

Thanks for your post.

First, please make sure that you have the correct scopes applied as documented in https://developer.atlassian.com/platform/app-migration/access-scopes/. Specifically, you’ll need to specify MIGRATION_TRACING_IDENTITY in getDataAccessScopes().

Next, as you’re accessing Confluence Cloud, please use the base URL https://your-site.atlassian.net/wiki.

https://your-site.atlassian.net/wiki/rest/atlassian-connect/1/migration/mapping/{transferId}/page?namespace=identity:user

Let me know how it goes.

Regards,
James.

2 Likes

Hi James,

Thank you for your help, we’re actually providing the MIGRATION_TRACING_IDENTITY alongside other Access Scopes, but looks like we still seeing the same issue while doing the mapping.
We’re also confirming that we are using the proper URL for the API including the /wiki part as you suggested in here:
https://your-site.atlassian.net/wiki/rest/atlassian-connect/1/migration/mapping/{transferId}/page?namespace=identity:user.

Regards,
Hazem

Hi @hazem.gharib,

I missed this part of your original post

You’re seeing the HTTP 403 probably because you don’t have a valid JWT with the request. If you’re accessing the endpoint from the front end, e.g. via React then you’ll need to send the JWT token with the request. I’ve not tested this (but I will soon as it’s a super interesting idea) but you can try with something like (this is a rough guess)

    let tokenPromise = new Promise(token => window.AP.context.getToken(token))
    tokenPromise.then(token => {
        return fetch('/wiki/rest/atlassian-connect/1/migration/mapping/'+transferId+'/page?' + new URLSearchParams({'namespace': 'identity:user'}),
            {
                method: 'GET',
                headers: {'Authorization': 'JWT ' + token}
            })
        }).then(response => response.json())
        .then(json => {
            // process json response
        })

But I’m not sure if the JWT will be accepted as it won’t have a query string hash. If not, then you’ll have to make a request through to your service and have the service make the call.

Regards,
James.

1 Like

Hi @jrichards

Thanks for your prompt responses, however, we tried to send the request including a JWT as suggested but unfortunately this didn’t work for us.
At the meantime we are looking for a way to do mapping for the users and groups migrated from Confluence Server on client side as it is considered a business requirement, we probably could discuss this in more detail on a scheduled call.

Regards,
Hazem

1 Like