Rate this page:
This page includes release notes and updates for Confluence Cloud app developers. Use this page to keep track of upcoming changes, deprecation notices, new features, and feature updates from Confluence Cloud.
You can also ask questions and learn from other Confluence Cloud developers on the Atlassian Developer Community.
use-400-error-response parameter from Add labels to content endpointWe have removed the use-400-error-response parameter from the Add labels to content endpoint. Given the previous removal of the 500 status response, this parameter is now redundant and unused.
page_copied webhook payloadWe have added two new fields to the page_copied webhook payload: origin and destination, which contain data for the the original page and newly-created page, respectively.
We have removed the 500 status response from the Add labels to content endpoint. The deprecation period for this response has passed.
From 4th August 2021, persistent refresh tokens are deprecated. All new OAuth 2.0 integrations use rotating refresh tokens.
During the deprecation window, you’ll be able to switch between both refresh token behaviors in the developer console.
From 1st November 2021, all OAuth 2.0 integrations must use rotating refresh tokens and the refresh token options in the developer console are removed.
Learn more about this change and chat with us on the developer community post.
We have added a new endpoint for downloading a content attachment.
The Get Groups API now supports a new query parameter accessType that must be set to “user”, “admin”, or “site-admin”. When set, the API will return groups with that level of access to Confluence.
See more details here
The Content conversion API, when called by an app, will no longer include context JWTs for macro rendering for macros from other apps.
We’ve added new permission API to grant or restrict custom content type permissions access for individual users and/or groups.
Learn more about these changes
Copy Page Hierarchy API will now fail if an exception is thrown during execution of the long running task. This exception will be reported to the messages field of the corresponding long running task, and can be accessed using the Long Running Tasks API.
This change will release to the Confluence Ecosystem Beta Group on June 7th, 2021, and start rolling out in increments to production during June 21st-29nd, 2021.
The first install callback sent by Atlassian to your Connect app is not signed. This could present a security risk. This change ensures that all install and uninstall callbacks are signed so you can verify that a request is genuine. This is a breaking change. Affected apps must be updated by 20 Aug 2021.
See the developer community post Action Required - Atlassian Connect installation lifecycle security improvements for more details.
Previously, after copying properties to an existing page, source page properties were simply appended to the destination page properties. This was a bug that is now fixed. The current, correct behavior is that after copying, source page properties replace the properties of the destination page.
We are deprecating the Set look and feel settings endpoint in favor of a new, more robust and better documented endpoint.
We have added a new Select look and feel settings endpoint to replace the Set look and feel settings endpoint, which we are deprecating. This new endpoint will perform mostly the same function, but with a better interface and clearer documentation.
A breaking API change will be made to Atlassian Connect in Jira and Confluence Cloud to mitigate a vulnerability in the verification of the qsh claim in Connect JWT authentication. The change affects apps that specify an authentication descriptor setting of jwt.
We are adding support for an optional depth parameter to fetch descendant:
subpages of a page e.g. GET https:///wiki/rest/api/content//descendant/page?depth=5 end of page comments on a page e.g. GET https:///wiki/rest/api/content//descendant/comment?depth=15 end of blog comments on a blog post e.g. GET https:///wiki/rest/api/content//descendant/comment?depth=2
up to a desired depth.
We are limiting blueprint descriptions to 100 characters to safely display the entire text for template cards.
The LongTaskStatus object that is returned as part of the responses for the GET /wiki/rest/api/longtask and GET /wiki/rest/api/longtask/{id} endpoints is being updated. Three new fields are being added: status, errors, and additionalDetails.
These fields are populated using the first Message object in the Array<Message> messages. This object holds details about the task that is stored as a string in JSON format. Previously, this information needed to be parsed by the developer. With this change, the new fields should make it easier to access this information.
We have implemented preventative measures to only allow one app with unique macro alias to be installed at a time. Any following apps with a conflicting macro alias will not be able to be installed, thus avoiding this issue completely.
Groups in audit logs will now display groupId next to groupname.
The error response returned on invalid labels for the Add labels to content API has a new status code 400 (previously 500) and an updated response body.
Learn more about this notice for more information.
We will be rolling out a new browsing and configuration experience for macros in Confluence Cloud. See the Developer Community post for more information and proposed rollout timeline.
We will be limiting the number of sub-expansions allowed in the expand query parameter of the Get Content by ID API (/wiki/rest/api/content/
The new Creating a form tutorial teaches you how to build a simple form on a Confluence page, storing responses in content properties.
A new status INITIALIZING_TASK has been added to tasks when initiating Copy Page Hierarchy API. This is to prevent null values in the message field if a task is completed prior to a status being saved.
See the community post Added status message for initiating Copy Page Hierarchy and Long Task APIs for more information.
The Connect JavaScript API supports the ability to nest iframes using the sub extension. While no functional change is happening, we are making an implementation change to how sub iframes are initialized which will make the feature more secure.
See full change notice
Confluence cloud is moving away from groupName towards groupId as the identifier for Groups. Two main changes may affect you.
groupId instead of groupName in the next two months. Once the new groupId APIs are available on Nov 16, 2020, we will start a 6 month deprecation for the APIs that use groupName. After this 6 month period, groupName will still be available but will no longer be immutable, so you will not be able to store it and rely on it being a stable identifier.groupId to the webhook events group_removed and group_created.As part of our continuous effort to simplify the user experience, we are making some UI updates to how the page overflow menu is organized in Confluence Cloud. For apps that use any of the following extension points…
system.content.action/primarysystem.content.action/secondarysystem.content.action/modifysystem.content.action/markersystem.content.action…this update would mean:
Before : apps are located in a Confluence predefined section or app-defined custom section in the menu. After : apps and other integrations will be grouped into their own dedicated section in the menu.
Learn more about these changes
The new Using the REST API tutorial shows how to call the REST API in three places:
The example performs a simple CQL search and displays parts of the returned data.
Starting January 28, 2021, the following APIs will no longer function:
See full change notice for details.
Convert Content Body API is now allowlisted for anonymous access. However, if anonymous access is not explicitly enabled for a tenant, use of the following query parameters will result in HTTP 403 (Forbidden):
spaceKeyContextcontentIdContextThe Atlassian OAuth 2.0 authorization service that is currently available at auth.atlassian.io is moving to a different URL, oauth-2-authorization-server.services.atlassian.com. Atlassian is consolidating all of our public services under this naming scheme. The old URL will be retired as of January 1, 2021. See the OAuth 2.0 endpoint deprecation notice for more information.
The Theme API was built for a UI that Confluence has recently moved away from, and doesn't support the new UI. Based on Theme API usage to date, we are evaluating whether Theme API will support the new UI.
Page-layout is a technical update to the new Confluence navigation for further performance optimization. It’s a whole new way to lay out top navigation, side navigation, and page content on a page, user generated or system rendered.
We've updated our changelog to be more consistent and easier to keep track of. All of the information from our old changelog, formerly called Latest Updates, is included in this page, but now everything is organized by date and announcement type.
Marketplace apps that have access to the customer’s private Apple email, can only use the email as an identifier, not to communicate with.
Atlassian Connect is enhancing the security of impersonation token requests to ensure older OAuthClientId are no longer accepted. We plan to roll out this change in a progressive manner:
See full change notice for details.
Creating a dynamic macro (formerly "Rise of the macros") has been rewritten to be simpler and more useful.
All of the tutorials have been renamed so that you can tell at a glance what each one teaches.
PUT /wiki/rest/api/content/{id}/move/{position}/{targetId}POST /wiki/rest/api/content/{id}/copyWe added the ability for you to move and copy your Confluence pages from the comfort of your REST calls. Find out more about these endpoints in this Dev Chat.
Urgent: See full change details and allowlist in our developer community update.
This change has already been rolled out to sites in the Jira 10 and Confluence 7 Ecosystem Beta Groups for testing and will be rolled out to the general public beginning Wednesday 1st April (changed from Wednesday 25th March).
You can participate in early release rollouts of new product improvements and features on your designated cloud testing or development instances. These rollouts are for production changes, not experimental features. By participating in this program, your designated test/dev instances will be an early release cohort. Sign up your developer instance.
Starting September 2020, we will remove the following legacy fields from the Connect app install payload because they are no longer relevant:
See the full deprecation notice for details.
On July 24, 2020, Confluence will update how we return paginated results for our REST APIs from an index-based system to a cursor-based system. See full notice on changes.
We've made some changes to the Security section of our documentation so that it is easier to use:
Don't worry: no information has been removed, and redirects have been put in place so that your bookmarks will still get you to the information you are looking for.
As a part of larger GDPR changes, we are making some changes to our /wiki/rest/api/search API. Starting 20 Jan 2020, we will no longer support user search through /wiki/rest/api/search.
With these changes, we have also introduced a new API for user search (/wiki/rest/api/search/user) that you can start using today. See full details of changes.
By 29 April 2019, we will remove personal data from the API that is used to identify users, such as username and userKey, and instead use the Atlassian account ID (accountId). Additionally, we plan to restrict the visibility of other personal data, such as email, in conjunction with a user's profile privacy settings.
See full details and tips on how to update your setup in this deprecation notice and migration guide.
Basic auth with passwords is being deprecated in Confluence. From June 3rd, 2019, we will be progressively disabling the usage of this authentication method. See the full deprecation notice here: Deprecation notice - Basic authentication with passwords.
The following are major changes related to GDPR.
Rate this page: