Confluence integration security
Confluence Cloud Authentication
TeamRetro utilizes OAuth2 authorization to integrate with Confluence Cloud instances. We request the following access scopes: September 4 2025 - scopes were updated to support access to Confluence Cloud v2 API using Granular Scopes.
Scope | Required for: |
Granular Scopes |
|
read:space:confluence | Read list of Confluence spaces during configuration of the integration. |
read:page:confluence | Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists. |
write:page:confluence | Create new pages for retrospective and health check reports |
delete:page:confluence | Delete page after testing integration |
write:attachment:confluence
|
Attach PDFs / images |
read:attachment:confluence | Attach PDFs / images |
Classic Scopes |
|
read:confluence-space.summary | Read list of Confluence spaces during configuration of the integration. |
write:confluence-content | Create new pages for retrospective and health check reports |
write:confluence-file | Add PDF attachment to retrospective and health check pages |
read:confluence-content.summary | Allow TeamRetro to check if a parent page ("Retrospective" or "Health Check") exists. |
search:confluence | Enable parent page autocomplete during configuration of the integration. |
offline_access | Allow TeamRetro to post meeting reports to Confluence without requiring re-authentication each time. |
Further information on these access scopes can be found at https://developer.atlassian.com/cloud/confluence/scopes/
Confluence Server / Data Center Authentication
For Confluence Server / Data Center authentication is via Personal Access Token, Basic Authentication or Application Link. As your credentials are stored encrypted in our database, however we strongly recommend creating a separate Confluence user for TeamRetro.
Request Origination
Calls to Confluence Server / Confluence Cloud will originate from our servers in AWS and are proxied via the fixed Elastic IP addresses.
- US Environment - 44.207.115.152
- EU Environment - 3.74.131.45
APIs Used
In order to push retrospective and health check summary reports through to Confluence, we retrieve a list of confluence spaces to allow the administrator to select the target parent page in Confluence. Before creating a page for the retrospective or health check, TeamRetro will check to see if a suitable parent page (eg. "Retrospectives") already exists, and if not will create one.
We make use of the following APIs:
API | Required for: |
Confluence Cloud | |
/oauth/token/accessible-resources (GET) | get a list of Atlassian Cloud instances the user has access to (Confluence Cloud only) |
/api/v2/spaces (GET) | get a list of spaces in the selected Confluence instance |
/api/v2/pages (GET) | check to see if "Retrospective" / "Health Check" parent page already exists |
/api/v2/pages (POST) | create parent page / retrospective / health check page |
/api/v2/pages/xxx (PUT) | update retrospective / health check page |
/api/v2/pages/xxx (DELETE) | delete integration test page (if user options to publish test page) |
/rest/api/user/current (GET) | confirm connectivity |
/rest/api/content/xxx/child/attachment (POST) | upload image / PDF attachments |
/rest/api/content/search (GET) | search for existing parent pages (autocomplete) |
Confluence Server / Data Center |
|
/rest/api/user/current (GET) | confirm connectivity |
/rest/api/space (GET) | |
/rest/api/content (GET) | check to see if "Retrospective" / "Health Check" parent page already exists |
/rest/api/content (POST/PUT) | create parent page / retrospective / health check page |
/rest/api/content/xxx/child/attachment (POST) | upload image / PDF attachments |
/rest/api/content/search (GET) | search for existing parent pages (autocomplete) |
We do not access any other APIs.