7

I am migrating from Confluence's SOAP API to using their REST API. I see there is support for adding attachments to a page (by doing a POST) but I am running into issues getting it to work (I am getting a 403: Forbidden Error message). I have other "get" items working fine through the rest api but doing an attachment post seems to keep failing.

Here is my current code (given a specific filename):

 byte[] rawData = File.ReadAllBytes(filename);
 var pageId = "11134";
 var url = new Uri("http://example.com:9088/rest/api/content/" + pageId + "/child/attachment");
 var requestContent = new MultipartFormDataContent();
 var imageContent = new ByteArrayContent(rawData);
 imageContent.Headers.ContentType = MediaTypeHeaderValue.Parse(attachement.contentType);
 requestContent.Add(imageContent, "file", attachement.fileName);
 requestContent.Headers.Add("X-Atlassian-Token", "nocheck");

Can you see if I am doing anything wrong above?

leora
  • 188,729
  • 360
  • 878
  • 1,366
  • Confluence docs stays: "Returned if attachments is disabled or if you don't have permission to add attachments to this content.". Have you tried using CURL like in the page here https://docs.atlassian.com/confluence/REST/latest/#d3e787 and see if it still returns 403? – Simon Mourier Sep 29 '15 at 05:52
  • I just tried curl and I get an error curl <56> Recv failure: Connection was reset. I used this syntax curl -D- -u user:pwd -X POST -H "X-Atlassian-Token: nocheck" -F "file=@test.txt" htttp://example:9088/rest/api/content/71105117/child/attachment (NOTE: I put an extra "t" in "http" in this comment so SO wouldn't try to convert it to a hyperlink – leora Sep 29 '15 at 12:16
  • @SimonMourier - also, is there other authentication required on the C# code above? – leora Sep 29 '15 at 12:21
  • Oh, yes, probably you need to add some credentials to the request. – Simon Mourier Sep 29 '15 at 13:49
  • Have you checked the settings of Confluence? Are Attachments allowed in Confluence? System-> Select Advanced -> Attachments – Jehof Sep 30 '15 at 06:42
  • @Jehof. Yes as per my question. The SOAP equivalent of the above code worked fine – leora Sep 30 '15 at 11:48
  • Their documentation says that you receive a 403 error: `Returned if attachments is disabled or if you don't have permission to add attachments to this content.` - Did you see that? – Buzinas Oct 05 '15 at 02:42
  • i see in your code attachement.contentType & attachement.fileName where is the declaration of that variable ? – Elazaron Mar 28 '17 at 13:41

3 Answers3

5

403 status indicates that request is not authorized. In order to authorize a request you need to specify Authorization header. Confluence REST API supports Basic authorization scheme. For basic authentication you need to specify the following header with each request: Authorization: Basic username:password where username:password part should be Base64-encoded. You can use the following code in order to do this:

string userName;
string password;
string authorizationString = userName + ":" + password;
string encodedValue = Convert.ToBase64String(Encoding.ASCII.GetBytes(authorizationString));
string authorizationHeaderValue = "Basic " + encodedValue;

requestContent.Headers.Add("Authorization", authorizationHeaderValue);

According to this link you also should specify the following url parameter with each request: os_authType=basic.

HTTP basic authentication: (Authorization HTTP header) containing 'Basic username:password'. Please note however, username:password must be base64 encoded. The URL must also contain the 'os_authType=basic' query parameter.

Note: make sure to connect via https if using basic authentication;

Vova
  • 1,356
  • 1
  • 12
  • 26
3

From Confluence documentation (RTFM)

In order to protect against XSRF attacks, because this method accepts multipart/form-data, it has XSRF protection on it. This means you must submit a header of X-Atlassian-Token: nocheck with the request, otherwise it will be blocked.

Add this before the Post

httpClient.Headers.Add("X-Atlassian-Token", "nocheck");
Richard Schneider
  • 34,944
  • 9
  • 57
  • 73
  • I have added the new line and updated the question. The issue now is that tried adding this and now I get 403: Forbidden – leora Sep 25 '15 at 13:53
  • 6
    SO stipulates only 1 question per post. Changing to a new question should be another post. The reason for this is for other people to be able to search for answers to a specific question. – Richard Schneider Sep 25 '15 at 13:59
1

Here is the way I prefer:

string url = "https://localhost:8080/confluence/rest/api/content/123456/child/attachment";
string filename = @"C:\temp\test.txt";
using (var client = new WebClient())
{
    string authorizationString = username + ":" + password;
    string encodedValue = Convert.ToBase64String(Encoding.ASCII.GetBytes(authorizationString));
    client.Headers.Add("Authorization", "Basic " + encodedValue);
    client.Headers.Add("X-Atlassian-Token", "nocheck");
    byte[] result = client.UploadFile(url, filename);
    string responseAsString = Encoding.Default.GetString(result);
}
Markus
  • 1,360
  • 1
  • 16
  • 22