Where is macro configuration data stored?


I am currently developing a new Confluence application using ACE. The application has a Dynamic Content Macro with a couple of fields that a user can use to configure their application. Once finished inputting their details, the application is rendered on the page.

In my application I am using saveMacro() to save the macro configuration data, like so:

AP.confluence.saveMacro(formattedData, 'Macro body')

My question is, where is the data actually stored? And is it secure? I can’t see anywhere that documents this, but I may have missed it

I have a database configured for my application, and the details in my config.json. like the following:

"production": {
    "port": "$PORT",
    "errorTemplate": true,
    "localBaseUrl": "$APPLICATION_URL",
    "store": {
        "type": "postgres",
        "url": "$DATABASE_URL"

When I run queries against my database, all I can see is a “AddonSettings” table with no configuration data. A follow-up question would be, why do I need to setup my own database if the configuration data is not stored there.

Hi @daraleonard :wave:

The confluence macro data is saved in the Confluence database and is made available to your app as context variables in your descriptor or using the AP.confluence.getMacroData() javascript method

In terms of security, this is probably the most secure way to store user data, as it is directly stored in the Confluence database and both security, reliability and availability (incl. backup & restore) is therefor Atlassian responsibility within the shared responsibility model.

Now with regard to the need to have your own database: if you do not intend to store installation lifecycle event payload data, there is no need to have a database.

Hope this helps!

1 Like

Thanks @remie , that helps a lot.

That’s not super clear from the documentation so thanks for the clarification.

1 Like

Hi @remie , is there a way I can get access to this macro config data in the express layer?

Euhm, yes, but it is tricky. You can do a REST API request to get content, and retrieve the content body in storage format. This is an XML representation of the page content, which also includes the macro. I think this also includes the macro parameters, but if not, you can retrieve them with yet another REST API call

What is your use case? Why do you need this information in the back-end?

I have a dynamic content macro with an editor. Based on input in the editor, there is a request made with some potentially sensitive data which I want to hide from the browser.

I’m thinking of creating an endpoint in the express layer that would get the content form the macro and perform the request, thus hiding the request from the dev tools.

The thing is: you have access to the macro parameters in the editor and when rendering the macro. Which means you can retrieve the parameters on the frontend and pass them to your backend with a simple HTTP request.

Now if I understand correctly, you don’t want to do that because you don’t want to expose the parameters to the browser, is that correct?

If so, it might be good to know that these parameters are already exposed in the HTML as atlassian puts them in an attribute in the macro iframe. It is probably wise to not store sensitive information in the macro data.