
REST Login to Confluence with cURL

To access Confluence via its REST API with cURL you typically need to authenticate. Learn how to log in with cURL and avoid some common security pitfalls.

Audience: Author, Documentation Architect, Documentation Gardener
Level of Experience: Advanced Beginner
Expected Duration: 15 min
Tags: Confluence, curl, login, REST
Type: Tip


Prerequisites

Download and install cURL:

https://curl.haxx.se/download.html

Or install it directly, e.g. on Ubuntu:

apt-get install curl

Test your installation:

curl --version
curl 7.47.0 ...


Executing REST calls

Suppose you want to make some REST calls to your Confluence installation, e.g. https://www.example.com/confluence/rest/api

REST Call with Username and Password

According to the Confluence REST API Examples, you could pass the credentials (username and password) directly to cURL for each call:

curl -u admin:admin https://www.example.com/confluence/rest/api/content/


Warning: This is easy and straightforward, but it's not very secure, as everyone can see your password in plaintext on your console and by listing the running processes, e.g. with ps aux:

user@smartics ~ # ps aux | grep curl
user 17637 0.1 0.0 16560 3200 pts/2 S+ 00:09 0:00 curl -u admin:admin https://www.example.com/confluence/rest/api/content/
user 17660 0.0 0.0 9252 2048 pts/3 S+ 00:09 0:00 grep curl



REST Call (Password will be prompted for)

Another option is to enter the password each time you make a REST call by omitting the password in your call:

curl -u admin https://www.example.com/confluence/rest/api/content/
Enter host password for user 'admin':

Now cURL prompts for the password and you can enter it without others seeing it. The downside is that you have to enter the password again for every REST call.


Warning

The following two solutions have one thing in common:

They store your password in the file system.

On the one hand this is very convenient, but on the other hand it is a security risk that is widely discussed on the internet, e.g. is-it-safe-to-use-netrc-files-to-store-credentials-for-tools-like-curl-or-ftp.

So please note: We only show some options to automate REST calls to your Confluence instance. Please ask your system administrator whether or not it is OK to use them!



REST Call using Config File for Credentials

Creating the cURL config file:

echo "--user admin:XXXX" > ~/curl-password-config.config
chmod go-r ~/curl-password-config.config

Have a look at your file:

cat ~/curl-password-config.config
--user admin:XXXX

Now edit the file and replace the XXXX placeholder with your password.

Use the config file for your next REST call:

curl --config ~/curl-password-config.config https://www.example.com/confluence/rest/api/content/

Warning: Everyone who has access to your config file knows your password!

user@smartics ~ # ll ~/curl-password-config.config
-rw-r--r-- 1 user user 427 Jun 19 22:05 curl-password-config.config

So at least secure the file by removing read access for group and others, e.g.:

chmod go-r ~/curl-password-config.config



REST Call using .netrc for Credentials

For more information on the .netrc file, please read the GNU documentation on the .netrc file.

Creating the .netrc file, or adding a new machine to an existing .netrc file:

echo -e "machine www.example.com \n\tlogin admin\n\tpassword XXXX" >> ~/.netrc
chmod go-r ~/.netrc

Have a look at your file:

cat ~/.netrc
machine www.example.com
        login admin
        password XXXX

Now edit the file and replace the XXXX placeholder with your password.

Use the .netrc file for your next REST call:

curl -n https://www.example.com/confluence/rest/api/content/

Warning: Everyone who has access to your .netrc file knows your password!

user@smartics ~ # ll ~/.netrc
-rw-r--r-- 1 user user 427 Jun 19 22:05 .netrc

So at least secure the file by removing read access for group and others, e.g.:

chmod go-r ~/.netrc



REST Call using a Session Cookie

One more option is to log in to Confluence once, store the session cookie, and re-use this session cookie for subsequent calls (at least until the session timeout fires):

curl -s --cookie ~/privatedir/confluence.cookie --cookie-jar ~/privatedir/confluence.cookie \
 --data "os_username=admin"  --data "os_password=admin" \
 --data "formname=loginform" --data "login='Log In'" https://www.example.com/confluence/dologin.action -o /dev/null

Now make some REST calls using the cookie:

curl  -s --cookie ~/privatedir/confluence.cookie https://www.example.com/confluence/rest/api/content/

Warning: Everyone who has access to your session cookie can now execute REST calls on your behalf or use the cookie in their browser on your behalf! So it is VERY important to keep the cookie file (~/privatedir/confluence.cookie) private!

The default is that the file is created with read access for everyone:

user@smartics ~ # ll ~/privatedir/
-rw-r--r-- 1 user user 427 Jun 19 22:05 confluence.cookie

So at least secure the file by removing read access for group and others, e.g.:

chmod go-r ~/privatedir/confluence.cookie



REST Call using a Session Cookie by creating a Config File on the Fly

But there is (at least) one more option you could use. Building a config file on the fly that cURL reads from STDIN, reading the password from STDIN, and using session cookies can be combined efficiently:

# read -rs (Bash): the typed password is not echoed and backslashes are kept literally
{ echo -n '--data "os_password='; read -rs a && echo -n "$a"; echo -n '"'; } | curl -K - \
 -s --cookie ~/privatedir/confluence.cookie --cookie-jar ~/privatedir/confluence.cookie \
 --data "os_username=admin" \
 --data "formname=loginform" --data "login='Log In'" \
 https://www.example.com/confluence/dologin.action -o /dev/null

Note: The advantage over the other options is that with this approach the password is not stored in the file system and afaik it cannot be seen in the process list (ps -efa or others).

Note: After entering the command above, the command does not return but waits for your password to be entered and sent to cURL by pressing enter.

It works by building the --data "os_password=password" part of the options passed to cURL on the fly and by reading the password from STDIN.
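The on-the-fly config line breaks when the password contains a double quote or a backslash, and a plain --data value is sent without URL encoding. The following variant is an added example, not part of the original page: the function names are hypothetical, while the form fields and dologin.action are the ones used above.

```shell
#!/bin/sh
# Added example (not the page's own code). Function names are hypothetical;
# the form fields and dologin.action are the ones used on this page.

# curl_cfg_quote STRING: escape a value for a double-quoted curl config
# parameter, where backslash and double quote must be written \\ and \".
# printf is a shell builtin, so the value never appears in a process argv.
curl_cfg_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# login_config PASSWORD: print the one config line that carries the secret.
# data-urlencode makes curl percent-encode &, +, % and spaces in the value.
login_config() {
    printf 'data-urlencode = "os_password=%s"\n' "$(curl_cfg_quote "$1")"
}

# confluence_login BASE_URL USER COOKIE_JAR
# Runs in a subshell, so the umask and the password variable do not leak
# into the calling shell.
confluence_login() (
    umask 077                              # a new cookie jar gets mode 0600
    trap 'stty echo 2>/dev/null' EXIT INT TERM
    printf 'Password for %s: ' "$2" >&2
    stty -echo 2>/dev/null                 # do not echo the typed password
    IFS= read -r pw
    echo >&2
    login_config "$pw" | curl -s -K - \
        --cookie "$3" --cookie-jar "$3" \
        --data-urlencode "os_username=$2" \
        --data "formname=loginform" --data "login='Log In'" \
        -o /dev/null "$1/dologin.action"
)
```

Call it as confluence_login https://www.example.com/confluence admin ~/privatedir/confluence.cookie and then use the cookie file as shown in the next step.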

Now make some REST calls using the cookie:

curl  -s --cookie ~/privatedir/confluence.cookie https://www.example.com/confluence/rest/api/content/

Warning: Everyone who has access to your session cookie can now execute REST calls on your behalf or use the cookie in their browser on your behalf! So it is VERY important to keep the cookie file (~/privatedir/confluence.cookie) private!

The default is that the file is created with read access for everyone:

user@smartics ~ # ll ~/privatedir/
-rw-r--r-- 1 user user 427 Jun 19 22:05 confluence.cookie

So at least secure the file by removing read access for group and others, e.g.:

chmod go-r ~/privatedir/confluence.cookie
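The warnings for the config file, the .netrc file and the cookie file all come down to the mode bits of three files. The following check is an added example, not part of the original page: the function names are hypothetical, and lock_down uses chmod go=, which is stricter than the go-r shown above because it also clears write and execute bits.

```shell
#!/bin/sh
# Added example: audit and tighten the credential files used on this page.
# The default paths are the ones the page uses; function names are hypothetical.

# is_private FILE: succeeds if group and others have no permission bits set
is_private() {
    # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are the group/other bits
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit_secrets FILE...: prints one line per file and returns the number of
# existing files that group or others can read, write or execute
audit_secrets() {
    loose=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "absent   $f"
        elif is_private "$f"; then
            echo "private  $f"
        else
            echo "EXPOSED  $f ($(ls -ld "$f" | cut -c1-10))"
            loose=$((loose + 1))
        fi
    done
    return "$loose"
}

# new_secret_file FILE: create an empty file that is private from the start
# (umask 077 in a subshell), so it is never readable by others, not even
# briefly; refuses to touch a file that already exists
new_secret_file() {
    [ ! -e "$1" ] || return 1
    ( umask 077 && : > "$1" )
}

# lock_down FILE...: drop every group/other bit
lock_down() {
    chmod go= "$@"
}

if [ "${1:-}" = "--audit" ]; then
    audit_secrets "$HOME/curl-password-config.config" "$HOME/.netrc" \
        "$HOME/privatedir/confluence.cookie"
fi
```

Run the script with --audit before a batch of REST calls; a non-zero exit status is the number of exposed files.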




 