Confluence integration security
Confluence Cloud Authentication
TeamRetro utilizes OAuth2 authorization to integrate with Confluence Cloud instances. We request the following access scopes: September 4 2025 - scopes were updated to support access to Confluence Cloud v2 API using Granular Scopes.
| Scope | Required for: |
Granular Scopes |
|
| read:space:confluence | Read list of Confluence spaces during configuration of the integration. |
| read:page:confluence | Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists. |
| write:page:confluence | Create new pages for retrospective and health check reports |
| delete:page:confluence | Delete page after testing integration |
|
write:attachment:confluence
|
Attach PDFs / images |
| read:attachment:confluence | Attach PDFs / images |
Classic Scopes |
|
| read:confluence-space.summary | Read list of Confluence spaces during configuration of the integration. |
| write:confluence-content | Create new pages for retrospective and health check reports |
| write:confluence-file | Add PDF attachment to retrospective and health check pages |
| read:confluence-content.summary | Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists. |
| search:confluence | Enable parent page autocomplete during configuration of the integration. |
| offline_access | Allow TeamRetro to post meeting reports to Confluence without requiring re-authentication each time. |
Further information on these access scopes can be found at https://developer.atlassian.com/cloud/confluence/scopes/
Confluence Data Center Authentication
For Confluence Data Center authentication is via Personal Access Token, Basic Authentication or Application Link. As your credentials are stored encrypted in our database, however we strongly recommend creating a separate Confluence user for TeamRetro.
Request Origination
Calls to Confluence will originate from our servers in AWS and are proxied via the fixed Elastic IP addresses.
- US Environment - 44.207.115.152
- EU Environment - 3.74.131.45
APIs Used
In order to push retrospective and health check summary reports through to Confluence, we retrieve a list of confluence spaces to allow the administrator to select the target parent page in Confluence. Before creating a page for the retrospective or health check, TeamRetro will check to see if a suitable parent page (eg. "Retrospectives") already exists, and if not will create one.
We make use of the following APIs:
| API | Required for: |
| Confluence Cloud | |
| /oauth/token/accessible-resources (GET) | get a list of Atlassian Cloud instances the user has access to (Confluence Cloud only) |
| /api/v2/spaces (GET) | get a list of spaces in the selected Confluence instance |
| /api/v2/pages (GET) | check to see if "Retrospective" / "Health Check" parent page already exists |
| /api/v2/pages (POST) | create parent page / retrospective / health check page |
| /api/v2/pages/xxx (PUT) | update retrospective / health check page |
| /api/v2/pages/xxx (DELETE) | delete integration test page (if user options to publish test page) |
| /rest/api/user/current (GET) | confirm connectivity |
| /rest/api/content/xxx/child/attachment (POST) | upload image / PDF attachments |
| /rest/api/content/search (GET) | search for existing parent pages (autocomplete) |
Confluence Data Center |
|
| /rest/api/user/current (GET) | confirm connectivity |
| /rest/api/space (GET) | |
| /rest/api/content (GET) | check to see if "Retrospective" / "Health Check" parent page already exists |
| /rest/api/content (POST/PUT) | create parent page / retrospective / health check page |
| /rest/api/content/xxx/child/attachment (POST) | upload image / PDF attachments |
| /rest/api/content/search (GET) | search for existing parent pages (autocomplete) |
We do not access any other APIs.