Register a webhook using REST API and OAuth 1.0a

@ibuchanan I have been researching a lot about dynamic webhook creation in Jira via OAuth 1.0 but I couldn’t find anything concrete that says whether it is possible or not. I saw in the documentation as well as in this thread that webhook creation is only allowed through OAuth 2.0 BUT I have seen a couple of services/products which provide the dynamic webhook creation functionality via OAuth 1.0.

So my specific question is: is it possible to access the dynamic webhook creation APIs using OAuth 1.0? If it is not, then is there any workaround which allows dynamic webhook creation through REST APIs using OAuth 1.0?

Welcome to the Atlassian developer community @neerajsingh,

I’m pretty sure POST /rest/webhooks/1.0/webhook works to register a webhook with OAuth 1.0a.

But I feel compelled to ask, “Why though?” The OAuth 1.0a documentation explains:

OAuth 1.0a is a legacy authentication method and, therefore, isn’t recommended.

OAuth 1.0a is not deprecated but maybe “legacy” is worse. From a practical perspective, that warning means:

  • The user experience is terrible. Riding on top of application links, the UI is confusing for admins, which undermines trust.
  • Docs are out-of-date, incomplete, and maybe broken. The REST API docs don’t mention OAuth 1.0a at all, so it’s a matter of experimentation to find which endpoints work and which don’t.
  • Very few API clients use it. So developers, including Atlassians like me, don’t know much about it. Most questions you ask here or of our developer support team would be met with “I don’t know.”

Given the risk, could you please explain why you are pursuing OAuth 1.0a? Surely we can recommend a better path or maybe get work done on 3LO to meet your needs.

Hey @ibuchanan I just tested the API BUT it doesn’t seem to work. It gives a 401 authentication error.

The reason I am emphasizing the usage of OAuth 1.0 a little more is that I have seen many services (which provide Jira integration) which provide the two-way sync functionality using dynamic webhook creation, and the funny part is they all use OAuth 1.0 🙂

I am just looking for a solution which allows me to do the same using OAuth 1.0 and I haven’t found anything on the Jira Developer forum. This is becoming somewhat time-consuming for us and we want to land the solution as quickly as possible.

Now I understand your response on moving to OAuth 2.0 BUT I want to exhaust all my options before moving to OAuth 2.0. If you tell me that it is not possible at all then I will migrate to OAuth 2.0 BUT I still haven’t got a direct “no” answer, at least not from the docs 🙂

@ibuchanan I tested the endpoint using basic auth (API key/token) and it works perfectly. I am wondering if there is a possibility of creating/accessing API tokens through REST endpoints (I feel like it couldn’t be the case; I just wanted to confirm with you) which could be used to make the webhook calls.

Let’s say it isn’t possible, then: is there a way to configure a Connect app which can create the dynamic webhooks? Let me brief you about our use case so that you will get what I am trying to do.

Our webapp (outside of the Atlassian/Jira system) supports the Jira integration. We are using OAuth 1.0a for the authentication and are not able to use the webhook REST APIs. Now, is there a possibility that we create/configure a Connect application (which our users will never see in their flow) to which our webapp can talk/send the requests, so that the Connect app can create the webhooks accordingly?

I don’t have full clarity on how exactly Connect apps work so it might be a weird question BUT again, I just want to confirm/exhaust all my options.

@neerajsingh,

No.

Yes. You can follow the instructions about registering a webhook using the REST API for Connect.

Yes. Connect Apps are installed by admins so end-users don’t see the authorization handshake. While much of the Connect App guides and documentation focuses on adding UI elements, nothing requires your App to do so. You can (and many integrations do) use Connect as a “wrapper” over the REST APIs and webhooks.

@ibuchanan Thanks for the clarifications.

Let’s say we build this Connect wrapper which does the webhook configuration work for us, then: can our end users (users of our webapp who are integrating their Jira workspace with our webapp) see the details of the Connect app wrapper in their Jira/Atlassian workspace/settings/env by any means?

If yes, then where can they find out about that?

One more thing: does this also mean that our end users don’t need to install any application in their Jira workspace?

@neerajsingh,

It’s an odd request. I don’t think the Atlassian APIs and frameworks were built to be “invisible”. Some users (admins) should always be aware of what is going in and out of their site. But I do think your app can remain hidden from “regular users”.

The 1 place that Apps show up without your control as a developer is “Manage Apps”, which only admins can see.

Yes. Connect Apps are installed by admins so end-users don’t see any installation flow.