Getting Started (End Users)
This guide walks you through connecting an MCP-capable AI client (e.g. Claude Desktop) to your Confluence content via the Secure MCP Server for Confluence.
1. Generate a session tokenβ
- In Confluence, open the Connect MCP page (added by this app to your site's global pages).
- Pick an expiration date. Tokens can last up to 90 days from today.
- Click Generate MCP session token.
- Copy the token shown β it's only displayed once. Treat it like a password: anyone with this token can read any Confluence content you have access to, until it's revoked or expires.
You can only have one active token at a time. Generating a new one automatically revokes the previous one.
2. Connect your MCP clientβ
The Connect MCP page also shows your endpoint URL and a ready-to-paste config snippet, in the form:
{
"confluence": {
"url": "<your-endpoint-url>",
"headers": { "Authorization": "Bearer <your-token>" }
}
}
For Claude Desktop, paste this block into claude_desktop_config.json under the relevant mcpServers/connector section, then restart Claude Desktop.
3. Use itβ
Once connected, ask your AI client things like:
- "Search Confluence for our Q3 roadmap"
- "List the spaces I have access to"
- "Get the comments on page 12345"
- "Show me the content of the 'Onboarding Guide' page"
- "Draft a new page in the DEV space summarizing this conversation"
- "Add a comment to page 12345 with the decision we just made"
The client decides when to call these tools based on your prompt. For the full list of tools and their parameters, see the Tools Reference β note that which tools are available depends on your admin's settings.
Token lifecycleβ
- Expiration: up to 90 days; you choose the exact date when generating.
- Renewal: generate a new token at any time β it replaces the old one immediately.
- Revoking: click Revoke access on the Connect MCP page. Do this immediately if a token is exposed (e.g. committed to a repo, pasted somewhere public).
- Expired tokens: the page shows a warning and lets you remove the expired entry; you'll need to generate a new one to keep using the integration.
What the AI can and cannot doβ
- β Search pages and blog posts, list spaces, read a page's content and comments.
- β Create and update pages, and add comments β always as you, using your own account.
- β Cannot see or change anything you don't already have permission to in Confluence. The app calls Confluence on your behalf using your own account, so your existing permissions always apply.
- β Cannot delete content β there are no delete tools.
- An admin may have disabled the write tools (Create pages and/or Add comments) for everyone, or restricted which spaces and content are reachable β see the Admin Guide.
- By default, page and comment content returned to your AI client is scanned for hidden instructions embedded in the content (indirect prompt injection) before it's passed along, and flagged as untrusted data. An admin can turn this off site-wide; see Admin Guide β Content sanitization.
- Every tool call you make is recorded in your admin's audit log, along with the resolved search query for searches β see Admin Guide β Audit log.
Troubleshootingβ
| Symptom | Likely cause | Fix |
|---|---|---|
| Client reports an auth/401 error | Token missing, mistyped, expired, or revoked | Regenerate the token on the Connect MCP page and update your client config |
| "Session token expired on ..." | Token's expiry date has passed | Generate a new token |
| Search returns nothing for content you know exists | An admin filter may be excluding that space, or the query needs different keywords | Try a simpler query, or ask your admin about the configured filter |
| Client doesn't offer a create-page or add-comment tool | Your admin has disabled that tool category site-wide | Ask your admin to enable it on the Secure MCP Server settings page |
| "Rate limit exceeded" error | Too many requests in a short window (e.g. a runaway or looping client) | Wait a short while and retry; if it persists, check what your client is doing in a loop |