Uanble to register a new webhook

ThamaraiselvanAnnadu · May 30, 2023, 7:18am

Hello,
I’m trying to subscribe a webhook through REST API in which i’m facing an issue.

I have tried the version 1 API with basic auth(“email:api_key” in base64 encoded) but it is throwing the following error.

{
“message”: “Client must be authenticated to access this resource.”,
“status-code”: 401
}

From the JIRA REST API Documentation i understand that managing webhooks can be only accessible through connect and OAuth 2.0 apps. I have created a new app in my developer account and using the client and client secret i have generated the access token.

Using that access token with “Authorization : Bearer <access_token>” in the headers, still i am facing the same error. During the OAuth login, i’m able to see the access for manage webhooks (PFA)

But still “client must be authenticated” when i try registering a webhook. I have tried the same with the REST API version 3 endpoints (/rest/api/3/webhook) still that error persists.

Can you please help us with this?

epehrson · May 30, 2023, 1:23pm

Hi @ThamaraiselvanAnnadu,

after completing the authorization code grant flow for your OAuth 2.0 (3LO) app, are you able to successfully make a request to https://api.atlassian.com/oauth/token/accessible-resources, as described in the documentation?

If so, are you able to successfully make requests to other Jira Cloud REST APIs?

ThamaraiselvanAnnadu · May 30, 2023, 3:32pm

Yes. I’m able to access all the other APIs using the same access token. Only the registering the webhook API I’m unable to make a successful request.

epehrson · May 31, 2023, 2:14pm

@ThamaraiselvanAnnadu that sounds odd, since that error message should indicate that you haven’t provided any credentials in the request.

Could you please forward this to our Developer and Marketplace Support, including

the OAuth client ID
the Atl-Traceid and X-Arequestid HTTP response headers for a failing request, as well as the approximate time of the request

ThamaraiselvanAnnadu · June 1, 2023, 10:22am

Hello @epehrson ,
Sure. Thanks!

Dario_B · June 9, 2023, 11:33am

Looking at the provided example, this can be happening because you use the API key instead of an API Token.

Something similar to what’s described in: ECO-33 - Misleading error message when authenticating REST API calls with API Key instead of API Token.

Can you please verify?