Anonymous Access to Remote API

XML-RPC and SOAP remote APIs were deprecated in Confluence 5.5 and are disabled by default. They can be enabled, but we recommend using the fully supported Confluence Server REST API wherever possible.

Administrators may wish to disable anonymous access to the Confluence remote API (XML-RPC and SOAP APIs) to make it harder for malicious users to write 'bots' that perform bulk changes to the site.

To disable anonymous access to the remote API:

  1. Select Administration , then select General Configuration
  2. Select Security Configuration in the left-hand panel. The Security Configuration screen will appear.
  3. Select Edit.
  4. Clear the Anonymous Access to Remote API checkbox.
  5. Select Save.

Notes

This page is about access to the remote API. If you are looking for information about preventing anonymous users from accessing Confluence, see Global Permissions Overview.

Last modified on Dec 6, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.