API Endpoints in Use
This page lists the Atlassian REST API endpoints SailPoint Entro uses to perform secret scanning and metadata analysis across Jira and Confluence. All API calls are read-only, designed to ensure transparency and compliance with customer security policies.
Overview
SailPoint Entro interacts with Atlassian products using their official REST APIs. All requests are authenticated via:
-
Personal Access Tokens (PATs) for Server / Data Center
-
API Tokens for Atlassian Cloud
SailPoint Entro never modifies or deletes any data and does not perform any administrative or write operations.
Jira Server / Jira Cloud
| Purpose | Endpoint | Method | Description |
|---|---|---|---|
| List Projects | /rest/api/2/project |
GET |
Retrieves accessible Jira projects for the integration user. |
| Fetch Issues | /rest/api/2/search |
POST |
Returns issue data (title, description, comments, attachments). |
| Issue Comments | /rest/api/2/issue/{issueId}/comment |
GET |
Retrieves all comments on a specific issue. |
| Attachments | /rest/api/2/attachment/{id} |
GET |
Fetches attachment metadata and download URL for text-based files. |
| Users | /rest/api/2/user |
GET |
Identifies integration user and permissions context. |
Note
SailPoint Entro scans issue descriptions, comments, and text attachments only (≤10MB).
Confluence Server / Confluence Cloud
| Purpose | Endpoint | Method | Description |
|---|---|---|---|
| List Spaces | /wiki/rest/api/space |
GET |
Lists available spaces visible to the integration user. |
| Retrieve Pages | /wiki/rest/api/content |
GET |
Retrieves page metadata, content body, and attachments. |
| Page Comments | /wiki/rest/api/content/{id}/child/comment |
GET |
Fetches page comments for secret scanning. |
| Attachments | /wiki/rest/api/content/{id}/child/attachment |
GET |
Retrieves attachment metadata for supported file types. |
Note
SailPoint Entro scans page content, comments, and text-based attachments. Historical page versions and binary files are excluded.
Note
SailPoint Entro does not modify repositories or push commits. All operations are read-only via HTTPS.
Rate Limits & Performance
SailPoint Entro respects Atlassian’s API rate limits:
-
Jira Cloud: 1,000 requests per 10 seconds per user
-
Confluence Cloud: Standard REST API quotas apply
For on-prem installations, SailPoint Entro’s Worker automatically optimizes batch size and concurrency to reduce API load.
Security & Compliance
-
All API calls are read-only and made over HTTPS/TLS.
-
Tokens are scoped to minimal privileges (
readonly). -
SailPoint Entro never stores raw Atlassian content - only metadata and detected findings.
-
The integration fully aligns with SOC 2 Type II, ISO 27001, and GDPR compliance frameworks.
Note
All tokens and communications use secure practices and minimal privileges to ensure customer data protection.