Allow custom HTTP headers on Jira Cloud system webhooks

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: Triggers
    • None

      Description
      Jira Cloud system webhooks (Settings → System → Webhooks) do not support custom outgoing HTTP headers. This blocks integration with platforms that require header-based authentication, which is a common requirment.

      We are attempting to forward Jira audit events to a SIEM platform that requires a specific authentication header on all incoming requests. Because system webhooks cannot send custom headers, we cannot use this native integration path and are forced to build and maintain a polling middleware service as a workaround.

      Embedding secrets in the webhook URL query string, the only available alternative, is a security anti-pattern as secrets can be exposed in server logs, proxy logs etc.

      Expected behaviour
      System webhook configuration should include an optional custom headers section allowing key-value pairs to be added to outgoing requests, consistent with how GitHub, GitLab, and PagerDuty webhooks already work.

      Note: This was previously tracked as JRACLOUD-77079 and closed. Given the growing adoption of header-authenticated endpoints across security and observability tooling, we believe this warrants reconsideration.

              Assignee:
              Unassigned
              Reporter:
              Mark Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: