I’m writing a REST plugin module to handle an incoming webhook. The request does not carry an authorization header, so I annotated the method in the REST servlet with @anonymousAllowed as described in the atlassian-rest-api-design-guidelines docs. However, during testing I get a 401 Unauthorized response.
My first guess was that the permission scheme does not allow anonymous (there are no ‘anyone’ roles defined), but considering this is a custom plugin, shouldn’t the annotation supersede this configuration?
If I were to change the scheme, wouldn’t this expose other methods in the standard API? Is there a way to only allow my methods anonymous execution?