API tokens usage in the authorization header for the "Send web request" action

XMLWordPrintable

    • Jira Software

      Issue Summary

      The current process of using personal API tokens in the authorization header for the "Send web request" action in Jira Cloud Automation poses security concerns. Customers often resort to creating system users to mitigate this, which is also not ideal.

      Steps to Reproduce

      1. Create an automation rule in Jira Cloud.
      2. Add a "Send web request" action.
      3. Attempt to configure the authorization header using a personal API token.

      Expected Results

      Users can configure the "Send web request" action in automation rules without needing to use personal API tokens or create system users, ensuring a secure and efficient process.

      Actual Results

      Users are required to use personal API tokens for authorization, leading to security concerns. To avoid this, many users create system users specifically for automation tasks, which adds complexity and is not an ideal solution.

      Workaround

      Currently, there is no known workaround to fully address the need for secure and efficient authorization for web requests in automation without using personal API tokens or system users. Customers often resort to creating system users, but this is not optimal.

            Assignee:
            Unassigned
            Reporter:
            Lucy
            Votes:
            16 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated: