GET webhook from connect-app results with "Only apps can access this resource."

Hi, I’m relative new to Jira app-development and again a ‘hand raise’ about the topic webhook - REST.
I read a lot in this community forum and of course the documentation GET-webhook
It seems I miss something!

I have a Connect-App (installed private atm. (REACT - TypeScript))

“scopes”: [“READ”, “WRITE”, “PROJECT_ADMIN”, “NONE”],

Everything is working well, I get issue informations, able to update (PUT) issue-fields where I have to do this (timetracking - estimatedTime) and further things.
One of the last things to integrate is webhooks (GET - POST - DELETE - REFRESH).

I stuck already at GET (of course the others too).

What I do:

  url: "/rest/api/3/webhook",
  type: "GET",
  contentType: "application/json",

Answer: 403 - “Only apps can access this resource.”
Docu: ‘Returned if the caller isn’t an app.’

I don’t get the point.
It is an installed connect-app, I can control my modules, if my App is not the selected timetracking app for Jira, my modules in the issue are not shown. Works well!
And using ‘AP’ in my opinion should do the trick with Authorization for the request.

The only thing I do not have installed in my App is ACE (atlassian-connect-express ACE ) lib.
But I did not found any point, that it is recommended for exact that point (webhooks), also when everything else working as expected.

Hope you can give me the one thing I miss out and hopefully it is not ACE!

Thanks and greetings


Hi @MarkusOrt,

Good news, it is not ACE :slight_smile:

On the other hand, using AP.request() means that although technically the call is from a Connect app, it is impersonating the currently logged-in user making the call from a user’s context. That said since the resource you are trying to access (dynamic webhooks) is only available for apps, the error you are getting is expected.

To be able to make a successful call to this API, it can (should) be accessed in the app’s backend as the app.

Hope this helps.


Thank you @iragudo for that poke!

Maybe the documentation is not clear enough at all. As I wrote, ‘again a hand raise’. So many ppl seem to stuck here.

Have a great day!

You’re welcome, @MarkusOrt, and that feedback is appreciated. I’ll try to update the relevant documentation to make it clearer.


1 Like