Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-31953

Webhooks authentication (basic auth and others)

XMLWordPrintable

    • 706
    • 86
    • Hide
      Atlassian Update – 28 February 2024

      Hi everyone,

      We’re pleased to announce an important security update for Jira admin webhooks.

      Users now have the ability to secure webhooks with a new secretfield. This enhancement applies to webhooks created through Jira Administration or via the REST API.

      When a secret is added to a webhook, it is utilized to generate an HMAC (Hash-based Message Authentication Code) signature. This signature is then included in the request header, ensuring the integrity and authenticity of the webhook payload.

      For a comprehensive guide on implementing and understanding this security feature, please refer to the Secure admin webhooks section.

      Kind regards,
      Grażyna Kaszkur, Product Manager

      Show
      Atlassian Update – 28 February 2024 Hi everyone, We’re pleased to announce an important security update for Jira admin webhooks. Users now have the ability to secure webhooks with a new secret field. This enhancement applies to webhooks created through Jira Administration or via the REST API . When a secret is added to a webhook, it is utilized to generate an HMAC (Hash-based Message Authentication Code) signature. This signature is then included in the request header, ensuring the integrity and authenticity of the webhook payload. For a comprehensive guide on implementing and understanding this security feature, please refer to the Secure admin webhooks section. Kind regards, Grażyna Kaszkur, Product Manager

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

       

      Description

      As mentioned in the Webhooks documentation page, authentication is only supported when building connect add-ons since in this case the outgoing calls are signed with your app's sharedSecret:

       

       

      It would be nice to have the possibility to configure authentication credentials (basic auth or oauth token) also when creating the Webhooks from the UI.

      Workaround

      You can configure an automation rule (global or project specific) that, when specific conditions are matched, sends an outgoing request using the Send outgoing web request automation action.

      For further details on this please see:

        1. Screenshot 2024-03-07 at 08.55.03.png
          Screenshot 2024-03-07 at 08.55.03.png
          196 kB
        2. Screenshot 2024-04-16 at 16.24.55.png
          Screenshot 2024-04-16 at 16.24.55.png
          1.01 MB
        3. webhooks_error.png
          77 kB

              mwieclawska@atlassian.com Magdalena Wieclawska (Inactive)
              llima LucasA
              Votes:
              425 Vote for this issue
              Watchers:
              249 Start watching this issue

                Created:
                Updated:
                Resolved: