Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Component/s: Ecosystem - Webhooks
Labels:
Environment:
AOD

UIS:
706
Support reference count:
86
Current Status:

Hide

Atlassian Update – 28 February 2024

Hi everyone,

We’re pleased to announce an important security update for Jira admin webhooks.

Users now have the ability to secure webhooks with a new secretfield. This enhancement applies to webhooks created through Jira Administration or via the REST API.

When a secret is added to a webhook, it is utilized to generate an HMAC (Hash-based Message Authentication Code) signature. This signature is then included in the request header, ensuring the integrity and authenticity of the webhook payload.

For a comprehensive guide on implementing and understanding this security feature, please refer to the Secure admin webhooks section.

Kind regards,
Grażyna Kaszkur, Product Manager

Show
Atlassian Update – 28 February 2024 Hi everyone, We’re pleased to announce an important security update for Jira admin webhooks. Users now have the ability to secure webhooks with a new secret field. This enhancement applies to webhooks created through Jira Administration or via the REST API . When a secret is added to a webhook, it is utilized to generate an HMAC (Hash-based Message Authentication Code) signature. This signature is then included in the request header, ensuring the integrity and authenticity of the webhook payload. For a comprehensive guide on implementing and understanding this security feature, please refer to the Secure admin webhooks section. Kind regards, Grażyna Kaszkur, Product Manager
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

Description

As mentioned in the Webhooks documentation page, authentication is only supported when building connect add-ons since in this case the outgoing calls are signed with your app's sharedSecret:

Declare a webhook module in the descriptor of your Atlassian Connect app (this will register the webhook for your app automatically and ensures webhooks are signed with your app's sharedSecret)

It would be nice to have the possibility to configure authentication credentials (basic auth or oauth token) also when creating the Webhooks from the UI.

Workaround

You can configure an automation rule (global or project specific) that, when specific conditions are matched, sends an outgoing request using the Send outgoing web request automation action.

For further details on this please see:

Automation for Jira - Send web request using Jira REST API

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Screenshot 2024-03-07 at 08.55.03.png
196 kB
13/Mar/2024 10:13 AM
Screenshot 2024-04-16 at 16.24.55.png
1.01 MB
16/Apr/2024 2:26 PM
webhooks_error.png
77 kB
06/Feb/2013 9:55 PM

Issue Links

is duplicated by

JRACLOUD-40912 Support http basic auth for JIRA webhooks

Closed

JRACLOUD-71965 Allow tokens when creating webhooks

Closed

is related to

JRASERVER-31953 Not being able to create webhooks with basic authentication.

Not Being Considered

relates to

JRACLOUD-71965 Allow tokens when creating webhooks

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(7 mentioned in)

Activity

People

Assignee:: Magdalena Wieclawska

Reporter:: LucasA

Votes:: 425 Vote for this issue

Watchers:: 247 Start watching this issue

Dates

Created:: 06/Feb/2013 9:54 PM

Updated:: Yesterday 5:51 PM

Resolved:: 28/Feb/2024 2:44 PM