Confluence integration security

Confluence Cloud Authentication

TeamRetro utilizes OAuth2 authorization to integrate with Confluence Cloud instances. We request the following access scopes: September 4 2025 - scopes were updated to support access to Confluence Cloud v2 API using Granular Scopes.
Scope Required for:

Granular Scopes


read:space:confluence Read list of Confluence spaces during configuration of the integration. 
read:page:confluence Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists.
write:page:confluence Create new pages for retrospective and health check reports
delete:page:confluence Delete page after testing integration
write:attachment:confluence
Attach PDFs / images
read:attachment:confluence Attach PDFs / images

Classic Scopes


read:confluence-space.summary Read list of Confluence spaces during configuration of the integration. 
write:confluence-content Create new pages for retrospective and health check reports
write:confluence-file Add PDF attachment to retrospective and health check pages
read:confluence-content.summary Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists.
search:confluence Enable parent page autocomplete during configuration of the integration.
offline_access Allow TeamRetro to post meeting reports to Confluence without requiring re-authentication each time.
Further information on these access scopes can be found at https://developer.atlassian.com/cloud/confluence/scopes/

Confluence Server / Data Center Authentication

For Confluence Server / Data Center authentication is via Personal Access Token, Basic Authentication or Application Link. As your credentials are stored encrypted in our database, however we strongly recommend creating a separate Confluence user for TeamRetro.

Request Origination

Calls to Confluence Server / Confluence Cloud will originate from our servers in AWS and are proxied via the fixed Elastic IP addresses.
  • US Environment - 44.207.115.152
  • EU Environment - 3.74.131.45

APIs Used

In order to push retrospective and health check summary reports through to Confluence, we retrieve a list of confluence spaces to allow the administrator to select the target parent page in Confluence. Before creating a page for the retrospective or health check, TeamRetro will check to see if a suitable parent page (eg. "Retrospectives") already exists, and if not will create one.
We make use of the following APIs:
API Required for:
Confluence Cloud
/oauth/token/accessible-resources (GET) get a list of Atlassian Cloud instances the user has access to (Confluence Cloud only)
/api/v2/spaces (GET) get a list of spaces in the selected Confluence instance
/api/v2/pages (GET) check to see if "Retrospective" / "Health Check" parent page already exists
/api/v2/pages (POST) create parent page / retrospective / health check page
/api/v2/pages/xxx (PUT) update retrospective / health check page
/api/v2/pages/xxx (DELETE) delete integration test page (if user options to publish test page)
/rest/api/user/current (GET) confirm connectivity
/rest/api/content/xxx/child/attachment (POST) upload image / PDF attachments
/rest/api/content/search (GET) search for existing parent pages (autocomplete)

Confluence Server / Data Center


/rest/api/user/current (GET) confirm connectivity
/rest/api/space (GET)
/rest/api/content (GET) check to see if "Retrospective" / "Health Check" parent page already exists
/rest/api/content (POST/PUT) create parent page / retrospective / health check page
/rest/api/content/xxx/child/attachment (POST) upload image / PDF attachments
/rest/api/content/search (GET) search for existing parent pages (autocomplete)
We do not access any other APIs.

Still need help? Contact Us Contact Us