Hi, Is there a API to interact with the Developer Console instead using the UI?
I found this API: https://developer.atlassian.com/dev-console-legacy-graphql and it works using email and personal access token, but I am not sure about the future of this API, if it will still available or there is a plan to replace it (because it is legacy).
Thank you for you help.
Regards.
No, there isn’t a supported, public API for the developer console. But I’m very curious about how you want to use such an API? What resources do you want to manage with code?
Hi Ian, we are working in a integration where end users through our application could make API request to Confluence using access tokens.
For security reasons we need to avoid to pass manually the client secret between our operational users involved in our deployment process.
In other integrations exists the posibility to create the OAuth application client and get that kind of sensitive data without manual intervention.
With Atlassian we did not found yet something like that, the only documented way is to create the application manually and copy and paste the secret then save it into our backend system in order to create access tokens by user consent.
So this is why I ask about an API to do that, where an Admin user could use a personal token to create an OAuth 2.0 application and get the sensitive data or at least try to get that kind of data without need to copy and share with someone else, at least at as part of our deployment process.
Do you have in your roadmap an API to achieve something like that?
No, we don’t.
On one level, I do understand the problem of making every customer create a client key & secret. Yes, that’s an awful UX.
What’s not clear to me is why you would need that. Our OAuth 2.0 Cloud implementation is a platform-level capability, so it’s meant for a “multi-tenant model” where apps like yours have a single client implementation and then each user only needs to run through the authorization flow. Why can’t your integration have a client key/secret pair for all customers?
Sorry for the misunderstanding, basically we need a programmatically way to create an OAuth 2.0 application or get in the same way the client secret instead of creat it manually or copy and paste the secret to get it.
Something like that could help us to avoid manual intervention for security reasons.
Regards
Yes, I understood that’s what you were asking. I still don’t understand why. Why does every customer need their own OAuth 2.0 application (with credentials) for your integration?
No, we just need an one OAuth application for our integration, and our end users could use it to consent the integration and use access tokens to get Confluence Pages through the API, basically this how our integration works.
Our deployment process, involves a Confluence Admin user who is responsible to create the OAuth 2.0 application and another AdminUser who has permissions to setup our backend integration, so one part of the process consist into pass the cliente secret from the Confluence Admin user to the other Admin User, so we intend to avoid this step creating programmatically the OAuth 2.0 application and then save the secret in our backend.