Does jira webhook registered in Jira system admin page expire after 30 days

Jira Cloud team,

I wonder if a jira webhook registered in System admin page (Manage webhooks | Atlassian Support) expire after 30 days.
I know that webhooks created via Oauth2 API does expire after 30 days.

The second question: for webhooks manually registered from Jira System admin page, how to verify the callback request via these webhooks?

Hello @TeamCoze,

Webhooks registered using the system admin page do not expire after 30 days. This only affects webhooks created by using REST APIs.

I’m not sure what you mean by verifying the callback request via webhooks but if you want to look at the requests being sent at the webhook URL you can register a webhook using https://webhook.site/. It will allow you to easily receive webhooks and check what was returned.

I hope this will be helpful.

Cheers,
Maciej

1 Like

Hi Maciej,

Thanks for the prompt reply!

For my second question of “verifying the callback request via webhooks”, I actually was asking how we are able to verify the callback request IS sent from Jira? Since we expose the webhook to the world, if no security check is applied, anyone could send a malicious callback to this webhook.

Thanks!

Hi @MaciejStanuch

Thanks for the prompt reply!

For my second question of “verifying the callback request via webhooks”, I actually was asking how we are able to verify the callback request IS sent from Jira? Since we expose the webhook to the world, if no security check is applied, anyone could send a malicious callback to this webhook.

Thanks!

Hi @CozeTeam,

I think you can verify the webhook callback by using the Authorization header in the request. The header should contain a signed JWT token with all the necessary information.
Unfortunately, the header isn’t added to webhooks configured on the system admin page.

Cheers!