Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Secure Confluence api for webhook on page_updated

Daniel Casals
Daniel Casals
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 12, 2025

I can't find the proper documentation for  registering webhooks on a confluence page update, using the REST API.

I manage to find in the forum a way to register a webhook using api v1
Like:

POST https://<attlassian-host>/wiki/rest/webhooks/1.0/webhook/

data = {
"name": "Page update webhook testing",
"url": "https://<host>/myapp_endpoint",
"events": ["page_updated"],
"enabled": True
}

But I did not found the proper way to sign the request so I can check it in the endpoint and/or user-pass  config to  reach a secured endpoint.
Can anyone share how to achieve any security level. and how to restrict the webhook to the scope of a single page_id. I tried with a filter attribute, but did not worked.

Answer
Watch
Like Mia Tamm likes this
552 views

1 answer

0 votes
Mia Tamm
Mia Tamm
Contributor
July 27, 2025

Hi @Daniel Casals 

Great question — working with Confluence webhooks on Server/Data Center can be a bit tricky since they don't support scoped filters or signing mechanisms out of the box.

About securing your webhook endpoint:
Atlassian’s webhook implementation doesn’t sign webhook requests. So, you’ll need to secure your endpoint yourself. Here are some common options:

Use a secret token: When registering the webhook, add a custom query param (e.g. ?token=XYZ) or custom header that your server can check before accepting the request.

Restrict by IP: Allow only incoming traffic from your Confluence server's IP.

Use basic auth: You can protect your endpoint with basic auth and handle it on the server side.

Example with shared secret in header:


{
    "name": "Page update webhook",
    "url": "https://<your-endpoint>/webhook",
    "events": ["page_updated"],
    "enabled": true,
    "headers": {
        "X-Webhook-Secret": "my-shared-secret"
    }
}

Then on your server, validate X-Webhook-Secret before processing the request. 

— Mia Tamm from Simpleasyty

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security