Developer
News and Updates
Get Support
Sign in
Developer
Get Support
Sign in
DOCUMENTATION
Cloud
Data Center
Resources
News and Updates
Get support
Sign in
Developer
Sign in
DOCUMENTATION
Cloud
Data Center
Resources
News and Updates
Get support
Sign in
Runtimes
Web triggers
Async events
Dynamic Modules (EAP)
Atlassian app REST APIs
Fetch APIs
Last updated Feb 13, 2026

requestConfluence

You can use requestConfluence to make a request to the Confluence REST API from within your Forge app. The client includes an Authorization header based on the context-bound fetch call.

To use requestConfluence, import the Forge API package in your app:

1
2
import api, { route } from '@forge/api';

To check the status of a request, use status as shown below:

1
2
const result = await api
    .asApp()
    .requestConfluence(
      path[, options]
    );
const status = result.status;

Method signature

1
2
// Authenticated
api.[asApp | asUser]().requestConfluence(path[, options]) => Promise<Response>

// Authenticated, requires user impersonation scopes, see table below
api.asUser(accountId).requestConfluence(path[, options]) => Promise<Response>

// Unauthenticated (used for operations that do not support OAuth 2.0)
api.requestConfluence(path[, options]) => Promise<Response>

When making an authenticated API call, you can specify whether to use the app (asApp) or its user (asUser) as the context:

MethodDescription
api.asApp()

Use this method to call an Atlassian API as the app, using the app user. If your app has all the required permissions, the request will work regardless of who uses the app.

When using asApp, you can use the Authorize API to verify user permissions before making the request.

api.asUser()

Use this method to call an Atlassian API as the user of the app.

If the user initiating the request has not granted permission to the app, the request is made without a valid Authorization header.

If the API returns a 401 and there isn't a valid Authorization header, then an Error is thrown.

  • If this error isn't caught, the user is prompted to grant access to the app.
  • If the user grants access, the app is re-initialized.

Note: This context method is only available in modules that support the UI kit.

api.asUser(accountId)

Use this method to call an Atlassian API as any user.

This method requires specifying offline user impersonation support for the scopes being used. The API calls and users being impersonated are also subject to some restrictions. See:

Path construction (route)

You must use the route tagged template function to construct the path that's passed to the Atlassian app fetch APIs. route blocks unsafe interpolated parameters in the path and encodes the query parameters using encodeURIComponent. This provides protection against security vulnerabilities, such as path traversal and query string injection.

Usage

1
2
import api, { route } from '@forge/api';

// With no parameters
route`/wiki/api/v2/pages`;

// With parameter: e.g. '/wiki/api/v2/pages/12345'
route`/wiki/api/v2/pages/${pageId}`;

// With query parameters: e.g. '/wiki/api/v2/pages/12345?body-format=atlas_doc_format'
route`/wiki/api/v2/pages/${pageId}?body-format=${bodyFormat}`;

// With more complex query parameters: e.g. '/wiki/api/v2/pages?space-id=12345&title=My Page'
const queryParams = new URLSearchParams({
  ...(spaceId ? { 'space-id': spaceId } : {}),
  ...(title ? { title: title } : {}),
});
route`/wiki/api/v2/pages?${queryParams}`;

// With multiple query parameters: e.g. multiple labels in the '/wiki/rest/api/content/search' endpoint
// which results in a URL like '/wiki/rest/api/content/search?cql=label="label1" OR label="label2"'
const labels = ["label1", "label2"];
const cql = labels.map(label => `label="${label}"`).join(" OR ");
const searchUrl = route`/wiki/rest/api/content/search?cql=${cql}`;
const response = await api.asApp().requestConfluence(searchUrl, {
  headers: {
    'Accept': 'application/json'
  }
});

When route is called, the Forge runtime also checks for possible path manipulation attempts (for example, issueKey or repo_slug coming from the user as ../../../evil_api_call), escaping or blocking as needed.

If the URL is constructed separately, the runtime might throw an exception for this as a false positive. This is because the runtime has no way of knowing which parts might have been manipulated by the user.

You have the option to bypass this requirement by using assumeTrustedRoute from @forge/api. However, you should only do this if absolutely needed because this puts you at risk of security vulnerabilities if used without a validated or trusted route.

Parameters

NameTypeDescription
pathstring

A Confluence REST API operation path. See the Confluence Cloud platform REST API for more information. The path must be constructed using the route tagged template function.

optionsobject

See Using the Fetch API with Undici in Node.js for details about accepted values.

Defaults: { 'content-type': 'application/json' }

Authenticated example

Make a request to the /wiki/rest/api/content resource on the Confluence site where the app is installed:

1
2
api.[asApp() | asUser(accountId?)].requestConfluence(route`/wiki/rest/api/content`);

Unauthenticated example

Make a request to the /wiki/rest/api/audit resource on the Confluence site where the app is installed, using basic authentication:

1
2
api.requestConfluence(route`/wiki/rest/api/audit`, {
  headers: {
    'Authorization': 'Basic <base64 token>'
  }
});

Rate this page: