Activating the Admin Key via API: A Workaround for Enhanced Admin Control

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

robotsnoindex

Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.

Summary

Overtime, we've seen the interest from customers towards using the Admin Key through the REST API in order to perform administrative tasks. However, there is no official feature that supports this functionality. Currently, the only way to activate the Admin Key is through the UI, limiting the flexibility of those who prefer API-based workflows.

We understand how important it is to streamline administrative tasks and have raised a feature request under CONFCLOUD-72443 to officially support this capability. While this request is being considered, we have a workaround that allows activating the Admin Key through the API.

Requirements

  1. API Access with proper authorization.

  2. Familiarity with tools like Postman or the command line tool cURL.

  3. Admin privileges within your system to run the required API calls.

Solution: Activating the Admin Key via API

Activating the Admin Key

To activate the Admin Key using the API, we can run the following command:

cURL Command:

curl --location 'https://<tenant>.atlassian.net/cgraphql?q=EnableSuperAdmin' \
--header 'Accept: */*' \
--header 'Content-Type: application/json' \
--header 'x-apollo-operation-name: EnableSuperAdmin' \
--header 'Authorization: Basic *********' \
--data '[{"operationName":"EnableSuperAdmin","variables":{},"query":"mutation EnableSuperAdmin { enableSuperAdmin { user { id confluence { roles { isSuperAdmin }}}}}"}]'

Alternative: Using Postman

If one prefers using Postman, they can import the above request by creating a new POST request, adding the required headers, and placing the provided JSON data into the body.

Using the Admin Key for Other API Calls

Once the Admin Key is activated, we can use the following Cookie Header to run other APIs with admin privileges:

--header 'Cookie: confluence.asSuperAdmin=true'

For example, to get restrictions from a restricted page where the admin user itself is not allowed, using the Admin Key, we can run this API:

curl --location 'https://<tenant>.atlassian.net/wiki/rest/api/content/<contentID>/restriction' \
--header 'Cookie: confluence.asSuperAdmin=true' \
--header 'Authorization: Basic *****'

Deactivating the Admin Key

This is an important step as ignoring it can lead to some issues.
Once your tasks are complete, deactivate the Admin Key by running the following API:

curl --location 'https://<tenant>.atlassian.net/cgraphql?q=EnableSuperAdmin' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic *******' \
--data-raw '{"operationName":"DisableSuperAdmin","variables":{},"query":"mutation DisableSuperAdmin @asSuperAdmin { disableSuperAdmin { user { id confluence { roles { isSuperAdmin }}}}}"}'

Conclusion

We hope this workaround helps streamline the administrative tasks until the official feature is available. For any questions or further assistance, feel free to reach out to our support team.



Last modified on Mar 8, 2025

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.