Skip to main content
Skip table of contents

REST API

Compliance for Confluence has a REST API enabling programmatic access to classification levels, data detections, and other Compliance-related features and their configurations.

This REST API empowers administrators to automate compliance workflows, extract insights, integrate with external tools, and manage configurations - all securely and efficiently.

🔐 API Key Authentication

To ensure secure access, the REST API requires the use of API keys for authentication.

API keys are scoped to specific users (the creator of the API key) and grant access to data and operations according to the user’s Confluence permissions and the configured scopes/limits on the API key.

Creating an API Key

  1. Go to Apps → Compliance → Administration → API Keys in your Confluence instance

  2. Click Create Key

  3. Configure your key with a name, expiry date, scopes, and limits

  4. Click Create

  5. Copy the key and save it securely. It will not be shown again!

💡 Important: API keys are tied to the Confluence user that created them and inherit their Confluence permissions. Treat API keys like passwords. Do not share them publicly.

API Keys can be edited after they have been created (all key configuration can be altered except the expiry date). API Keys can be manually revoked at any time.

Configuring an API Key

When creating a new API key, you can configure a set of options to control its access and security. These settings help you tailor the key’s permissions to your use case, applying the principle of least privilege.

Name

Provide a human-readable name to help you identify the purpose of the API key. This is especially useful for managing multiple keys.

Expiry Date

Set an expiry date to limit how long the API key remains valid. After the expiration date, the key will no longer be accepted for authentication and will be marked with an expired status.

🔒 Best practice: Use short-lived keys for scripts or one-time integrations, and rotate long-lived keys regularly.

Scopes

API scopes define what operations and data the API key is allowed to perform and access. Scopes are grouped into the following categories:

Classification Scopes

Controls access to page classification data:

  • No Access – Cannot view or change classification

  • Read – Can view classification data on pages

  • Write – Can modify classification data on pages

  • Manage – Full classification control, including configuration

Detection Scopes

Controls access to data detection results:

  • No Access – Cannot view or interact with detection results

  • Read – Can view detection results

  • Write – Can perform actions on detection results, such as redactions and exclusions

  • Manage – Full detection access, including configuration

🔧 Scopes are enforced at the API level and respect the Confluence permissions of the user that created the key.

The required scopes for each endpoint are provided in our REST API documentation.

Page Access Limits

Limit the API key to only work with specific classification levels. This restricts what types of content the key can access or modify.

🚫 If no levels are specified, then no classification level restrictions will be applied to the key

Space Limits

Restrict the API key to only work on specific Confluence spaces. The key will be unable to access pages outside of the selected spaces.

🚫 If no spaces are specified, then no Confluence space restrictions will be applied to the key

Authentication Header

Include your API key in the x-api-key request header on all API requests:

CODE 
x-api-key: <your_api_key>

🔒 The API will reject requests without a valid x-api-key. Ensure the key has the correct scopes and access limits for the operation being performed.

🚀 Example: Get Page Classification

This example shows use of an endpoint to retrieve the classification level of a specific page.

  • Request URL:

CODE 
GET https://ac-cloud.com/compliance/api/v1/instance/by-page/{pageId}

  • Request

CODE 
curl -X 'GET' \
  'https://ac-cloud.com/compliance/api/v1/instance/by-page/{page_id}' \
  -H 'accept: application/json' \
  -H 'x-api-key: {your_api_key}'

  • Response

CODE 
200
{
  "pageId": "123456789",
  "spaceId": "98765432",
  "ownerId": "1a2b3c4d5e6f7g8h9i0j",
  "levelId": "1234567a-12bb-1c12-1d12-e12fghij1234",
  "subLevelId": null,
  "classifierId": "12ab12cd123ef1234567g123",
  "classificationDate": "2025-03-06T10:25:08.813Z",
  ...
}

📚 REST API Docs

To view all available REST API endpoints, visit the full API documentation:

🔗 Compliance REST API Docs

🔗 Compliance REST API Docs as JSON

The base URL for the REST API is: https://ac-cloud.com/compliance/api/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close