# NG SIEM - (Plain Scope) Atlassian Confluence Integration

#### What is API Token?

A secure string used to **authenticate external applications or scripts** so they can access Confluence’s REST APIs without needing a user password. Its main use is to **allow programmatic access** for integrations, automation, or tools to interact with Confluence content.<span class="relative -top-px inline-flex max-w-full items-center align-middle" data-testid="conversation-context-citation-pill-wrapper"><button aria-label="Memory" class="text-token-text-secondary! relative ms-1 inline-flex h-6 min-w-8 cursor-pointer items-center justify-center rounded-[40px] px-2 transition-colors duration-150 ease-in-out bg-token-bg-tertiary hover:bg-token-bg-secondary" data-testid="conversation-context-citation-pill" type="button"><svg aria-hidden="true" class="size-4 shrink-0" data-rtl-flip="" data-testid="conversation-context-citation-pill-icon" height="20" width="20" xmlns="http://www.w3.org/2000/svg"></svg></button></span>

---

#### Creating an API Token

Follow these steps to create a token. Note: As of March 13, 2025, tokens created before December 15, 2024, will expire between March 14 and May 12, 2026. New tokens default to 1-year expiration (adjustable from 1 to 365 days).

1. Log in to [https://id.atlassian.com/manage-profile/security/api-tokens.](https://id.atlassian.com/manage-profile/security/api-tokens)
2. Select "Create API token".
3. Enter a descriptive name for the token (e.g., "AQUILA- Audit Logs Monitoring").
4. Choose an expiration date for the token (between 1 and 365 days; consider shorter for security).
5. Click "Create".
6. Copy the token and save it securely. You cannot view it again after this step. If lost, generate a new one. Share only with trusted integrations like AQUILA—revoke if compromised.

---

#### Required Atlassian-Side Permissions

The user account tied to the email (Jira/Confluence User Identifier) must have admin-level access to fetch audit logs via API:

- For Confluence: Confluence **Global permission**.   
    [https://your-domain.atlassian.net/wiki/admin/permissions/global?tab=internal](https://your-domain.atlassian.net/wiki/admin/permissions/global?tab=internal)
- The **confluence-admins-ronaldoa** both **Personal Space** and **Create Space** should be checked. Click the "Edit" to proceed.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/scaled-1680-/tUvojKfkEvIQ5k6A-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/tUvojKfkEvIQ5k6A-image.png)

- For Confluence: Confluence **Administration** permission.  
    [https://admin.atlassian.com/o/8d1afe09-e60a-4bf3-87d9-c71b10e4842b/atlassian-apps](https://admin.atlassian.com/o/8d1afe09-e60a-4bf3-87d9-c71b10e4842b/atlassian-apps)
- Click "**Manage app**".

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/scaled-1680-/YZ4HkbMl8V7btAlU-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/YZ4HkbMl8V7btAlU-image.png)

- Provide Role **App admin**, **User access admin**, **user** in **confluence-admins-ronaldoa.**

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/scaled-1680-/AVedDSkvYeLC8TSf-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/AVedDSkvYeLC8TSf-image.png)

- In **Groups** under by **Directory,** make sure the **User** is active.

[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/scaled-1680-/7WJJsYhOPV3zCzXs-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2026-04/7WJJsYhOPV3zCzXs-image.png)

Without this, the API may authenticate successfully (leading to a "healthy" status in AQUILA) but return no data or errors like 403 Forbidden. If you lack access to the client side, request they verify/add these permissions via admin.atlassian.com &gt; Global Permissions.

<p class="callout info">**Note: If you're on a Free plan without org access, you can't enable advanced features—consider upgrading or using site-level logs in individual apps.**</p>

#### Required Credentials for Integration Access (AQUILA Setup)

Use these in AQUILA &gt; Integrations &gt; Atlassian Jira/Confluence setup (separate integrations for each). For Atlassian Cloud, authentication uses Basic Auth (email + token).

- **API URL**: Base Atlassian API URL without paths (e.g., [https://your-site.atlassian.net](https://your-site.atlassian.net) for Confluence; add /wiki for Confluence endpoints if needed, but AQUILA handles this).
- **User Identifier**: Your Atlassian email address (must be linked to an admin account as noted above).
- **API Token**: The scoped token created above.
- **Personal Access Token (PAT) -** : The Personal Access Token used for self-hosted instances. If set, Jira User Identifier and Jira API Token will be ignored. **(Optional)**

For self-hosted (Data Center/Server) instances, a Personal Access Token may be used instead, but Cloud setups prefer the API token.

<p class="callout info">Please provide the following information to CyTech</p>

- **API URL**: Base Atlassian API URL without paths (e.g., [https://your-site.atlassian.net](https://your-site.atlassian.net) for Jira; add /wiki for Confluence endpoints if needed, but AQUILA handles this).
- **Confluence User Identifier**: Your Atlassian email address (must be linked to an admin account as noted above).
- **Confluence API Token**: The scoped token created above.