Non-Administrator users can access REST API Browser by going directly to URL?

James Roberts March 28, 2018

We have installed the Atlassian REST API Browser in our Confluence instance and have noticed that any user can get to the REST API Browser if they input the URL directly into their browser. Is this by design? Shouldn't the REST API Browser be limited to only confluence-administrators or some kind of configuration?

1 answer

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 28, 2018

The REST API is for everyone. They'll still have to authenticate, and it respects the security granted.

James Roberts March 28, 2018

@Nic Brough -Adaptavist-, thanks for the quick response. I'm not concerned with the REST API itself as that should be available for anyone to use. I am looking at the Atlassian REST API Browser add-on from Atlassian Labs. The only way to get to it through the UI is through the Admin Console, which is only available to confluence-administrators. However, the REST API Browser can be navigated to by a normal Confluence user if they just type in the URL for the REST API Browser directly into their web browser.

Nic Brough -Adaptavist-
March 28, 2018

Ok, but why? What is the problem?

James Roberts March 28, 2018

If the only way to get there is through an Admin interface then users shouldn't be able to get there by navigating to the URL. They can also access Private APIs through the browser. I just wanted to make sure that this was by design or if it was something that needed to be addressed.

Nic Brough -Adaptavist-
March 28, 2018

It's by design, all the REST APIs are public. The built-in REST browser just has functionality that's additionally available on a URL, which is shown to admins for their convenience, and not to users because most don't need it.

chandler April 3, 2019

Hi Nic,

If Single sign is enabled, can the users still make REST API calls to Confluence?

Thank you.

 

 

  
