Confluence and Freshdesk images
Private source images need a public delivery boundary.
A Confluence attachment URL that works for an employee is not automatically suitable for a customer-facing Freshdesk article.
Apply for the founding beta →Why copying the image URL is fragile
Confluence attachments may require an authenticated Atlassian session or use URLs whose behavior is controlled by the source account. A Freshdesk visitor does not share that session. Even when an image appears during setup, authentication, permissions, URL shape, or source lifecycle can later make it disappear.
Why the native editor upload was rejected
The Freshdesk browser editor uses a private attachment request authenticated by a browser session cookie and CSRF token. Those credentials are not an acceptable integration surface for a Marketplace product. Sward Sync does not collect them or reverse-engineer that endpoint.
The managed-image approach
- Download the selected attachment through an authorized, documented Confluence API request.
- Validate actual bytes, media type, and size rather than trusting the filename.
- Hash the bytes and store the object under an owned tenant-scoped key in EU object storage.
- Insert a stable HTTPS delivery URL into sanitized Freshdesk article HTML.
- Track which synchronized mappings reference the object.
Deduplication and updates
Content-addressed storage lets the same image bytes reuse one managed object within a tenant. Replacing an attachment produces a new hash and a new object reference. The article update and reference changes are committed as one logical operation so cleanup cannot race ahead of the destination.
Deletion must be conservative
An object becomes a cleanup candidate only after no mapping references it. Automated deletion also requires a generated ownership marker, a retention delay, and a final reference check. Sward Sync never treats an arbitrary URL or bucket key as proof that it owns the object.
What the proof established
The technical proof delivered a Confluence test image from Stockholm-region object storage into a Freshdesk draft, verified it visually, reused the mapping during an update, and reconciled an owned cleanup sentinel. Production work still needs tenant isolation, quotas, monitoring, and operating procedures, but the external-image boundary itself is feasible.