-
Type:
Suggestion
-
Resolution: Unresolved
-
None
-
Component/s: Triggers
-
None
Description
Jira Cloud system webhooks (Settings → System → Webhooks) do not support custom outgoing HTTP headers. This blocks integration with platforms that require header-based authentication, which is a common requirment.
We are attempting to forward Jira audit events to a SIEM platform that requires a specific authentication header on all incoming requests. Because system webhooks cannot send custom headers, we cannot use this native integration path and are forced to build and maintain a polling middleware service as a workaround.
Embedding secrets in the webhook URL query string, the only available alternative, is a security anti-pattern as secrets can be exposed in server logs, proxy logs etc.
Expected behaviour
System webhook configuration should include an optional custom headers section allowing key-value pairs to be added to outgoing requests, consistent with how GitHub, GitLab, and PagerDuty webhooks already work.
Note: This was previously tracked as JRACLOUD-77079 and closed. Given the growing adoption of header-authenticated endpoints across security and observability tooling, we believe this warrants reconsideration.